craftcms / commerce-paypal

PayPal payment gateway for Craft Commerce.
https://plugins.craftcms.com/commerce-paypal
MIT License

PayPal Express checkout: callback error 400 #4

Closed meinhard-meintjes closed 5 years ago

meinhard-meintjes commented 6 years ago

Hi there,

We're having trouble with the PayPal Express checkout and would appreciate any help, or if it's a bug, any fixes. :) The setup is as follows:

PHP 7.0.30, Craft Pro 3.0.13.2, Craft Commerce 2.0.0-beta.6, PayPal for Craft Commerce 1.0.0, SSL enabled, tokenParam: [custom string]

PayPal Express Gateway Settings: Purchase + Test mode + Mark + Login (tried others too). Using PayPal Sandbox account credentials

This is what happens: At checkout I choose PayPal express from the "native" twig gateway handler template that comes with commerce. After clicking, the expected popup appears and I pay with one of the sandbox accounts created, that also has more than enough funds. The popup closes and triggers a callback to actions/commerce/payments/complete-payment.

Query string parameters are: p, commerceTransactionHash, token, PayerID (which all look OK).

That callback then returns status 400 with the following error: {"error":"Es ist nicht möglich, Ihre Dateneingabe zu prüfen."}

Translated it means "It is not possible to check/verify your input".

I have also received the error 400 with "Uncaught Error: Request to post: failed with 400 error. Correlation id: unknown. {"error":"Es ist nicht möglich, Ihre Dateneingabe zu prüfen."}" on the same callback.

(My browser and craft user account are in English, so I'm not sure why it returns German errors. Site locale is German and PayPal account is based in Switzerland - maybe that's why.)

Thank you for looking into this!

Kind regards, Meinhard

andris-sevcenko commented 6 years ago

Can you disable CSRF protection on Craft and see if that fixes your issue? It's mentioned only in Stripe gateway docs (https://github.com/craftcms/commerce-stripe#disabling-csrf-for-webhooks), but I suppose we should mention it for all gateways that complete payment via a callback.

andris-sevcenko commented 6 years ago

Closing due to inactivity.

meinhard-meintjes commented 6 years ago

I'm sorry for not replying - adding the callback action to the CSRF-disabling code indeed fixed this issue... FYI

luke-nehemedia commented 5 years ago

Wouldn't it be nice to add this to the plugin itself?

class PluginController extends Controller
{
    // Disable CSRF validation for the entire controller 
    public $enableCsrfValidation = false;

    ...

In addition, it should at least be mentioned in the setup instructions of the plugin. It took me some time to find this post.
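
A narrower alternative to switching CSRF validation off for a whole controller, as an added example that is not part of this thread or of the plugin's code: exempt only the one callback path named in the report, whether it arrives as a URI path or through the p query parameter. The function names, the exempt-path list, the sample URIs and the Craft defaults relied on (the "actions" trigger, the "p" path parameter, the enableCsrfProtection setting) are assumptions.

```php
<?php
// Added example, not code from the thread or from Craft/Commerce.
// Assumes Craft defaults: actionTrigger = "actions", pathParam = "p".
// The only exempt path is the callback named in the report above.
const CSRF_EXEMPT_PATHS = ['actions/commerce/payments/complete-payment'];

/**
 * Resolve the path the request is routed on: the pathParam query value
 * when present (index.php?p=...), otherwise the URI path itself.
 * Each form is URL-decoded exactly once to avoid double-decoding tricks.
 */
function requestedPath(string $requestUri, string $pathParam = 'p'): string
{
    $query = [];
    parse_str((string) parse_url($requestUri, PHP_URL_QUERY), $query);
    if (isset($query[$pathParam]) && is_string($query[$pathParam])) {
        $path = $query[$pathParam];            // parse_str already decoded it
    } else {
        $path = rawurldecode((string) parse_url($requestUri, PHP_URL_PATH));
    }
    return trim($path, '/');
}

/** True when CSRF validation must stay on for this request URI. */
function csrfEnabledFor(string $requestUri): bool
{
    // Exact match only: prefix or substring matching would also exempt
    // neighbouring actions. Anything unrecognised keeps CSRF on.
    return !in_array(requestedPath($requestUri), CSRF_EXEMPT_PATHS, true);
}

// Constructed sample requests (HASH, TOKEN and ID are placeholders).
$samples = [
    '/index.php?p=actions/commerce/payments/complete-payment'
        . '&commerceTransactionHash=HASH&token=TOKEN&PayerID=ID',
    '/actions/commerce/payments/complete-payment?token=TOKEN',
    '/actions/commerce/payments/other-action',
    '/actions/commerce/payments/complete-payment-extra',
    '/?p[]=actions/commerce/payments/complete-payment',
];
foreach ($samples as $uri) {
    printf("%-4s %s\n", csrfEnabledFor($uri) ? 'on' : 'off', $uri);
}

// Assumed wiring in config/general.php:
// 'enableCsrfProtection' => csrfEnabledFor($_SERVER['REQUEST_URI'] ?? '/'),
```

Only the first two sample requests lose CSRF validation; every other action, including a look-alike path and an array-valued p parameter, keeps it.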

francoislevesque commented 5 years ago

For more information as to why CSRF must be disabled for PayPal routes: https://docs.craftcms.com/commerce/v2/payment-gateways.html#csrf-protection-issues

lukeholder commented 5 years ago

Fixed in Commerce. See https://github.com/craftcms/commerce/issues/900

Also removed the instructions in docs.