Unable to extract timestamp and signatures from header (0)

[katalysis]

Following upgrade to Concrete CMS version 9 we're getting the following error with stripe checkout:

Uncaught IntegrationError: stripe.redirectToCheckout: Invalid value for sessionId. You specified ' cs_test_b1cRDPYPbb2ekOeQdOPGlOegkEAqqh8QhDfOmI2y1TqxeGLhxUPuUpoYDY'.

This also shows in the Concrete CMS dashboard reports as:

Exception Occurred: /var/www/vhosts/pampaswines.com/httpdocs/packages/community_store_stripe_checkout/vendor/stripe/stripe-php/lib/Exception/SignatureVerificationException.php:28 Unable to extract timestamp and signatures from header (0)

/checkout/stripecheckoutcreatesession seems to be creating a session ID e.g. cs_live_b1C7k1s7jfUuAEmX6UYWBmaVqy533kEnWNwTcjF3mMeVYC9fNWPdJ5scpe but for some reason Stripe does not accept it.

[Mesuva]

That's unusual. Is this with a new Stripe account? I'm wondering if its Stripe API version related...

[katalysis]

The site has been working well for a number of years. It's odd, we have another site running version 9 that uses this add on and works fine.

[Mesuva]

So this error is happening when you hit the final button in the checkout, at the point it would normally then do the redirect to Stripe Checkout for payment?

The first and second errors appear to be different things I believe, the first is about trying to create the session and do the redirect, and the second I believe is to do with the webhook not being validated.

I just set up this add-on in V9, putting in new keys from Stripe, and it redirected through to Stripe without issue. That's just local though, I haven't tested the webhook again yet.

Only thing I'm spotting is in your error message it kind of looks like there is a space before cstest.... (that may have been your cut and paste into github's comment though).

If you edit checkout_form.php, and put in just before the stripe.redirectToCheckout something like

alert('xxx'+data+'xxx');

Do you see the key, and it it free of whitespace?

[katalysis]

Suggests white space in front?

[Mesuva]

It does, when I did it, the xxx stayed with the rest of the key.

I'm wondering if there's whitespace at the end of some controller file somewhere. The controller.php file of this add-on really shouldn't end with a ?> for example, I should remove that (but I don't think is the problem here)

Perhaps another add-on has whitespace at the end of the package controller, and that's being output on the request from the checkout page to the endpoint /checkout/stripecheckoutcreatesession. That key should be the only thing output by that request, but if there's some other add-on installed that outputs whitespace it's going to muck that up.

[katalysis]

So I can fix it with: sessionId: data.trim(),

[Mesuva]

That'll work. I'll put that in the code anyway

[katalysis]

Thank you for your help Ryan.