- This topic has 6 replies, 2 voices, and was last updated 10 years, 8 months ago by
.
-
Posts
-
Hi Franky, it’s been a while; I hope all is well with you. Paypal sent out notices that in October 2013 they’ll be enforcing use of HTTP 1.1 for IPN payment communications.
Does EME’s payment module already do that?
Text of message below:
In a bulletin dated October 18, 2011, we announced that we were going to
expand the number of IP addresses for http://www.paypal.com to improve our
site’s performance, scalability and availability. As part of this
transition, we planned to discontinue support for HTTP 1.0 protocol
starting October 7, 2013.
We have recently identified that this change may impact the ability of
some of our merchants to perform IPN (Instant Payment Notification)
post-back validation or PDT (Payment Data Transfer) posts to
http://www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT
scripts use HTTP 1.0 protocol and do not include the “Host: http://www.paypal.com”
or “Host: ipnpb.paypal.com” header in the HTTP request.
*Additional Details *
Starting October 7, 2013, we will require all incoming requests to have a
“Host” header which complies with HTTP 1.1 Specifications. This header was
not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start
failing with “HTTP/1.0 400 Bad Request” errors after October 7, 2013, which
will result in IPN messages not being validated successfully, or PDT
scripts not being able to retrieve transaction information.
*Action Required before October 7, 2013 *
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and
include the “Host” and “Connection: close” HTTP header in the IPN postback
script.
Example with Host as http://www.paypal.com (please make necessary changes if you
are using ipnpb.paypal.com):
ASP
//Set values for the request back
req.Method=”POST”;
req.Host=”‘www.paypal.com'”;
req.ContentType=”application/x-www-form-urlencoded”;
Perl
$req=HTTP::Request->new(‘POST’, ‘https://www.paypal.com/cgi-bin/webscr’);
$req->content_type(‘application/x-www-form-urlencoded’);
$req->header(Host=> ‘www.paypal.com’);
$req->header(Connection=> ‘close’);
PHP
// post back to PayPal system to validate
$header=”POST /cgi-bin/webscr HTTP/1.1rn”;
$header .=”Content-Type: application/x-www-form-urlencodedrn”;
$header .=”Host: http://www.paypal.comrn <http://www.paypal.com%5Cr%5Cn>”;
$header .=”Connection: closernrn”;
Java
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty(“Content-Type”,”application/x-www-form-urlencoded”);
uc.setRequestProperty(“Host”, “www.paypal.com”);
uc.setRequestProperty(“Connection”, “Close”);
The PayPal Sandbox has been configured to reject any HTTP requests without
the “Host” header with HTTP 400 error. Merchants can use the Sandbox
environment to certify the changes to their IPN and PDT scripts.
For more information on PDT and IPN, please refer to
http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional
information or questions about this change, please contact PayPal’s
Merchant Technical Support team via https://www.paypal.com/mts.
Sincerely,
PayPal
It should be fine, I already use HTTP/1.1 from version 1.0.12 on. See the changelog:
* Bugfix: make paypal work via https and HTTP/1.1
Beautiful, thank you. You are the Key Master all right. 🙂
Well that got uncomfortable quickly. 🙂
Errr … please don’t kneel … just stand up and … argh, I really shot myself in the foot with this one.
Last attempt to save myself: read the answer to the question Rhinodung posted concerning “a faulty back” here: http://www.i-mockery.com/generalzod/askzod.php
That should do it 🙂
Btw, I think the text was on a t-shirt of thinkgeek in the past, but it seems it’s not on the list any more: http://www.thinkgeek.com/tshirts-apparel/unisex/itdepartment/
No, no, Franky, I got it right away, no worries. I was joking. 🙂
(Also, my reply was kinda sorta based on “that escalated quickly”, a meme from a movie I haven’t seen yet.)
- The forum ‘How do I …’ is closed to new topics and replies.