Notification from PayPal - Action Required


SuperCharlie

I just received the email below. I am using PS 1.4.8.2 with PayPal v2.8.7 by PrestaShop.

 

My question is: are the coding requirements in my PayPal module, or will I need to update the module?

 

Notification as follows..

-----------------------------------------------------------------------------

 

ACTION REQUIRED

Dear *************,

In a bulletin dated October 18, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our site’s performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting October 7, 2013.

We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the “Host: www.paypal.com” or “Host: ipnpb.paypal.com” header in the HTTP request.

Additional Details

Starting October 7, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors after October 7, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.

Action Required before October 7, 2013

Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” and “Connection: close” HTTP header in the IPN postback script.

Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):

ASP
//Set values for the request back
req.Method="POST";
req.Host="www.paypal.com";
req.ContentType="application/x-www-form-urlencoded";

Perl
$req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');
$req->content_type('application/x-www-form-urlencoded');
$req->header(Host=> 'www.paypal.com');
$req->header(Connection=> 'close');

PHP
// post back to PayPal system to validate
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n\r\n";

Java
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
uc.setDoOutput(true);
uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");
uc.setRequestProperty("Host", "www.paypal.com");
uc.setRequestProperty("Connection", "Close");

The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.

For more information on PDT and IPN, please refer to http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via https://www.paypal.com/mts.

Sincerely,

PayPal

Link to comment
Share on other sites

I'm wondering the same thing myself.

 

It depends on what version of the PayPal module you are running I guess.

But in your /api/paypalconnect.php file you might see something like this:


private function _makeHeader($host, $script, $lenght)
    {
        $header =    'POST '.strval($script).' HTTP/1.0'."\r\n" .
                    'Host: '.strval($host)."\r\n".
                    'Content-Type: application/x-www-form-urlencoded'."\r\n".
                    'Content-Length: '.(int)($lenght)."\r\n".
                    'Connection: close'."\r\n\r\n";
        return $header;
    }

I am guessing that all you need to do is replace this

$header =    'POST '.strval($script).' HTTP/1.0'."\r\n" .

with this

$header =    'POST '.strval($script).' HTTP/1.1'."\r\n" .

and you should be good to go.

 

 

BUT I haven't tested this so please give it a try in a non-production environment and report on how it worked out!

Good luck.

  • Like 1
Link to comment
Share on other sites
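An added example, not part of the thread or of the PayPal module, for the fsockopen path discussed in the post above: it builds the HTTP/1.1 postback header the PayPal notice asks for and decodes a chunked reply, which an HTTP/1.1 server may send and an HTTP/1.0 client never had to handle. The function names and the sample response are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the PayPal module.

// Build an HTTP/1.1 postback header with the Host and Connection: close
// headers that the PayPal notice requires.
function make_postback_header(string $host, string $script, int $length): string
{
    // Reject CR/LF so a value can never add an extra header line.
    if (preg_match('/[\r\n]/', $host . $script)) {
        throw new InvalidArgumentException('CR/LF in host or script');
    }
    return "POST $script HTTP/1.1\r\n"
        . "Host: $host\r\n"
        . "Content-Type: application/x-www-form-urlencoded\r\n"
        . "Content-Length: $length\r\n"
        . "Connection: close\r\n\r\n";
}

// Split a raw HTTP response into [status code, decoded body].
// With HTTP/1.1 the body may arrive with Transfer-Encoding: chunked, so a
// reader that compares the raw body to "VERIFIED" can fail after the switch.
function parse_postback_response(string $raw): array
{
    [$head, $body] = array_pad(explode("\r\n\r\n", $raw, 2), 2, '');
    if (!preg_match('#^HTTP/1\.[01] (\d{3})#', $head, $m)) {
        throw new RuntimeException('Malformed status line');
    }
    if (preg_match('/^Transfer-Encoding:\s*chunked\s*$/mi', $head)) {
        $decoded = '';
        while (true) {
            $eol = strpos($body, "\r\n");
            if ($eol === false) {
                throw new RuntimeException('Truncated chunk');
            }
            // Chunk size is hexadecimal; anything after ';' is an extension.
            $size = hexdec(strtok(substr($body, 0, $eol), ';'));
            if ($size === 0) {
                break;
            }
            $decoded .= substr($body, $eol + 2, $size);
            $body = substr($body, $eol + 2 + $size + 2);
        }
        $body = $decoded;
    }
    return [(int) $m[1], trim($body)];
}

// Constructed sample response, not captured traffic.
$raw = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n8\r\nVERIFIED\r\n0\r\n\r\n";
[$status, $body] = parse_postback_response($raw);
echo make_postback_header('www.paypal.com', '/cgi-bin/webscr', 42);
var_dump($status === 200 && $body === 'VERIFIED'); // exact match on the decoded body
```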

Thank you for the breadcrumb TWDesign.. Yes, it appears my connection file is HTTP 1.0. This is gonna cause a lot of pain and sorrow out there when this update hits.

 

It does appear that maybe your fix would work, and I will keep that in my back pocket.. but someone at PS really needs to ring in on this with a definite answer and update.

Link to comment
Share on other sites

I just received the email below. I am using PS 1.4.8.2 with PayPal v2.8.7 by PrestaShop.

 

You do realize that there is an updated PayPal module? The one you are using is quite old. The latest version is 3.4.8.

 

The header in question is only used if connecting by FSOCK.  When using the CURL method, there are no headers being sent.  CURL would be used by default if the CURL extension is installed (this is very common).  Therefore the code referenced by TWDesign is not used.

  • Like 2
Link to comment
Share on other sites

Thank you for the reply bellini13. I know that both my PS and PP versions are old.. but I am also a firm believer in the don't fix it if it ain't broke principle.. as I have broken many things with simple updates for things that were working in the first place... it is good info on the CURL deal.. and I am certain my server does support CURL.. so hopefully the boat will keep floating and the money will keep flowing.

 

Sooner or later I know I will need to jump to 1.5.x and I am not looking forward to moving my jillion products.. but that's a headache for another day..

Link to comment
Share on other sites

According to my phpinfo.php file, my server configuration is:

 

curl

cURL support enabled

cURL Information libcurl/7.24.0 OpenSSL/1.0.0 zlib/1.2.3 c-ares/1.7.0 libidn/1.18 libssh2/1.2.2

 

 

 

So it would appear we don't need to worry about changing anything according to Bellini13.

 

You should try uploading a phpinfo.php file to your root directory and then enter the URL www.mysite.com/phpinfo.php

It will tell you whether cURL is enabled or not.

 

http://docs.simplemachines.org/index.php?topic=479.0

Edited by TWDesign (see edit history)
Link to comment
Share on other sites
