PayPal Pro won't redirect after successful payment on Magento 1.9.0.1
12-12-2019
Question
I'm running a store with Magento 1.9.0.1. It's set up to process payments with PayPal Pro, but I have a problem. Every time I make a payment I don't get redirected to the success page; instead I get this error in the JavaScript console:
Invalid 'X-Frame-Options' header encountered when loading 'https://securepayments.sandbox.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess?execution=e1s1': 'ALLOW' is not a recognized directive. The header will be ignored.
I tried everything but I seem not to be able to resolve this problem.
Can anyone help me? Thanks.
Solution
The Problem
The problem you are encountering is that PayPal sends a wrong X-Frame-Options header.
DENY
    A browser receiving content with this header field MUST NOT display this content in any frame.

SAMEORIGIN
    A browser receiving content with this header field MUST NOT display this content in any frame from a page of different origin than the content itself.

    If a browser or plugin cannot reliably determine whether or not the origin of the content and the frame are the same, this MUST be treated as "DENY".

    Please note that current implementations vary on the interpretation of this criteria. In some, it only allows a page to be framed if the origin of the top-level browsing context is identical to the origin of the content using the X-Frame-Options directive; in others, it may consider the origin of the framing page instead. Also see Section 2.3.2.2 for more details on the nesting of frames and variations in the handling of this header field by different browsers. In addition, refer to Section 4, paragraph 2 for the resulting potential security problems.

ALLOW-FROM (followed by a serialized-origin [RFC6454])
    A browser receiving content with this header MUST NOT display this content in a frame from any page with a top-level browsing context of different origin than the specified origin. While this can expose the page to risks by the trusted origin, in some cases, it may be necessary to allow the framing by content from other domains.
You should contact PayPal. But I think many others will have this problem too, and hopefully PayPal is already fixing this.
So what to do?
Check the HTTP header. If you find the header X-Frame-Options: ALLOW, then they are sending an RFC-invalid header; therefore your browser is right, and they are wrong. The bad part is to convince them. What browser do you use?
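
The header check suggested in the answer, as an added example that is not part of the original post: it classifies X-Frame-Options values against the three directives quoted above. The function names, the sample response head and the host shop.example are constructed for illustration, and the ALLOW-FROM origin check is a simplification.

```javascript
// Added example: classify X-Frame-Options values against the three
// directives defined in the RFC text quoted above.
// Simplification (assumption): an ALLOW-FROM argument is accepted when the
// URL parser yields a non-opaque origin for it.
function checkXFrameOptions(value) {
  const trimmed = value.trim();
  const [directive, ...rest] = trimmed.split(/[ \t]+/);
  const name = directive.toUpperCase(); // directive names are case-insensitive
  if ((name === 'DENY' || name === 'SAMEORIGIN') && rest.length === 0) {
    return { valid: true, directive: name };
  }
  if (name === 'ALLOW-FROM' && rest.length === 1) {
    try {
      const origin = new URL(rest[0]).origin;
      if (origin !== 'null') return { valid: true, directive: name, origin };
    } catch (_) { /* not a URL: fall through to the invalid result */ }
    return { valid: false, reason: 'ALLOW-FROM needs a serialized origin' };
  }
  return { valid: false, reason: `'${trimmed}' is not a recognized directive` };
}

// Pull every X-Frame-Options field out of a raw response head and check it.
function auditResponseHead(rawHead) {
  return rawHead.split(/\r?\n/)
    .map((line) => /^x-frame-options[ \t]*:(.*)$/i.exec(line))
    .filter(Boolean)
    .map((m) => ({ value: m[1].trim(), ...checkXFrameOptions(m[1]) }));
}

// Constructed sample response head reproducing the header from the question.
const sampleHead = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html',
  'X-Frame-Options: ALLOW',
].join('\r\n');

console.log(auditResponseHead(sampleHead));
console.log(checkXFrameOptions('allow-from https://shop.example'));
```

Current browsers also ignore ALLOW-FROM; the Content-Security-Policy frame-ancestors directive is the supported way to permit framing by a named origin.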