Events Made Easy Forums How do I … Paypal IPN Change – Does EME Use HTTP 1.1 ?

Tagged: , , ,

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #44040
    Anonymous
    Inactive

    Hi Franky, it’s been a while; I hope all is well with you. Paypal sent out notices that in October 2013 they’ll be enforcing use of HTTP 1.1 for IPN payment communications.

    Does EME’s payment module already do that?

    Text of message below:

    In a bulletin dated October 18, 2011, we announced that we were going to

    expand the number of IP addresses for http://www.paypal.com to improve our

    site’s performance, scalability and availability. As part of this

    transition, we planned to discontinue support for HTTP 1.0 protocol

    starting October 7, 2013.

    We have recently identified that this change may impact the ability of

    some of our merchants to perform IPN (Instant Payment Notification)

    post-back validation or PDT (Payment Data Transfer) posts to

    http://www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT

    scripts use HTTP 1.0 protocol and do not include the “Host: http://www.paypal.com”

    or “Host: ipnpb.paypal.com” header in the HTTP request.

    *Additional Details *

    Starting October 7, 2013, we will require all incoming requests to have a

    “Host” header which complies with HTTP 1.1 Specifications. This header was

    not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start

    failing with “HTTP/1.0 400 Bad Request” errors after October 7, 2013, which

    will result in IPN messages not being validated successfully, or PDT

    scripts not being able to retrieve transaction information.

    *Action Required before October 7, 2013 *

    Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and

    include the “Host” and “Connection: close” HTTP header in the IPN postback

    script.

    Example with Host as http://www.paypal.com (please make necessary changes if you

    are using ipnpb.paypal.com):

    ASP

    //Set values for the request back

    req.Method=”POST”;

    req.Host=”‘www.paypal.com'”;

    req.ContentType=”application/x-www-form-urlencoded”;

    Perl

    $req=HTTP::Request->new(‘POST’, ‘https://www.paypal.com/cgi-bin/webscr’);

    $req->content_type(‘application/x-www-form-urlencoded’);

    $req->header(Host=> ‘www.paypal.com’);

    $req->header(Connection=> ‘close’);

    PHP

    // post back to PayPal system to validate

    $header=”POST /cgi-bin/webscr HTTP/1.1rn”;

    $header .=”Content-Type: application/x-www-form-urlencodedrn”;

    $header .=”Host: http://www.paypal.comrn <http://www.paypal.com%5Cr%5Cn>&#8221;;

    $header .=”Connection: closernrn”;

    Java

    HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();

    uc.setDoOutput(true);

    uc.setRequestProperty(“Content-Type”,”application/x-www-form-urlencoded”);

    uc.setRequestProperty(“Host”, “www.paypal.com”);

    uc.setRequestProperty(“Connection”, “Close”);

    The PayPal Sandbox has been configured to reject any HTTP requests without

    the “Host” header with HTTP 400 error. Merchants can use the Sandbox

    environment to certify the changes to their IPN and PDT scripts.

    For more information on PDT and IPN, please refer to

    http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional

    information or questions about this change, please contact PayPal’s

    Merchant Technical Support team via https://www.paypal.com/mts.

    Sincerely,

    PayPal

    #50640
    Franky
    Keymaster

    It should be fine, I already use HTTP/1.1 from version 1.0.12 on. See the changelog:

    * Bugfix: make paypal work via https and HTTP/1.1

    #50641
    Anonymous
    Inactive

    Beautiful, thank you. You are the Key Master all right. 🙂

    #50642
    Franky
    Keymaster

    Kneel before thou master, for I am root 🙂

    Just kidding ….

    … just kneel 🙂

    #50643
    Anonymous
    Inactive

    Well that got uncomfortable quickly. 🙂

    #50644
    Franky
    Keymaster

    Errr … please don’t kneel … just stand up and … argh, I really shot myself in the foot with this one.

    Last attempt to save myself: read the answer to the question Rhinodung posted concerning “a faulty back” here: http://www.i-mockery.com/generalzod/askzod.php

    That should do it 🙂

    Btw, I think the text was on a t-shirt of thinkgeek in the past, but it seems it’s not on the list any more: http://www.thinkgeek.com/tshirts-apparel/unisex/itdepartment/

    #50645
    Anonymous
    Inactive

    No, no, Franky, I got it right away, no worries. I was joking. 🙂

    (Also, my reply was kinda sorta based on “that escalated quickly”, a meme from a movie I haven’t seen yet.)

Viewing 7 posts - 1 through 7 (of 7 total)
  • The forum ‘How do I …’ is closed to new topics and replies.
Scroll to Top