Question

I'm running a store with Magento 1.9.0.1. It's set up to process payments with Paypal Pro, but I have a problem. Every time I make a payment I don't get redirected to the success page; instead I get this error on the JavaScript console:

Invalid 'X-Frame-Options' header encountered when loading 'https://securepayments.sandbox.paypal.com/webapps/HostedSoleSolutionApp/webflow/sparta/hostedSoleSolutionProcess?execution=e1s1': 'ALLOW' is not a recognized directive. The header will be ignored.

I tried everything but I seem not to be able to resolve this problem.

Can anyone help me? Thanks.


Solution

The Problem

The problem you encounter is that Paypal sends a wrong X-Frame-Options header.

The allowed headers are:

DENY
  A browser receiving content with this header field MUST NOT
  display this content in any frame.

SAMEORIGIN
  A browser receiving content with this header field MUST NOT
  display this content in any frame from a page of different origin
  than the content itself.

  If a browser or plugin cannot reliably determine whether or not
  the origin of the content and the frame are the same, this MUST be
  treated as "DENY".

  Please note that current implementations vary on the
  interpretation of this criteria.  In some, it only allows a page
  to be framed if the origin of the top-level browsing context is
  identical to the origin of the content using the X-Frame-Options
  directive; in others, it may consider the origin of the framing
  page instead.  Also see Section 2.3.2.2 for more details on the
  nesting of frames and variations in the handling of this header
  field by different browsers.  In addition, refer to Section 4,
  paragraph 2 for the resulting potential security problems.

ALLOW-FROM  (followed by a serialized-origin [RFC6454])
  A browser receiving content with this header MUST NOT display this
  content in a frame from any page with a top-level browsing context
  of different origin than the specified origin.  While this can
  expose the page to risks by the trusted origin, in some cases, it
  may be necessary to allow the framing by content from other
  domains.

You should contact Paypal. But I think many others will have this problem too, and hopefully Paypal is already fixing this.

So what to do?

Check the HTTP header; if you find the header X-Frame-Options: ALLOW, then they are sending an RFC-invalid header, therefore your browser is right and they are wrong. The bad part is convincing them. What browser do you use?
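The check the answer describes (look at the response headers and decide whether the X-Frame-Options value is one the RFC allows) can be scripted. The following is an added example, not code from the question, the answer, Magento or Paypal; it validates a header value against the three directives quoted above from RFC 7034 and classifies anything else as invalid, which matters because a browser that ignores an invalid value leaves the page with no framing protection at all. The raw responses in the block are constructed samples (the first mirrors the header the question reports), and the origin pattern is a simplified reading of RFC 6454 that accepts a scheme, a hostname or IPv4 address and an optional port.

```python
"""Validate X-Frame-Options header values against RFC 7034.

Added example, not part of the original Q&A. The HTTP responses below are
constructed for illustration; to check a live endpoint you would feed the
output of `curl -sI <url>` (or the headers shown in your browser's network
tab) to audit_response().
"""
import re
from typing import List, Optional, Tuple

# Simplified RFC 6454 serialized-origin: scheme "://" host [ ":" port ]
# (assumption: hostnames and IPv4 only; bracketed IPv6 hosts are not handled).
_ORIGIN_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.\-]*://[^/\s:]+(:\d+)?$")


def classify_x_frame_options(value: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, origin) for one X-Frame-Options value.

    verdict is "DENY", "SAMEORIGIN" or "ALLOW-FROM" for RFC 7034 forms,
    or "INVALID" for anything else (for example the bare "ALLOW" from the
    question). Browsers ignore an invalid value, so "INVALID" means the
    response carries no effective framing restriction.
    origin is the serialized origin for ALLOW-FROM, otherwise None.
    """
    parts = value.strip().split(None, 1)
    if not parts:
        return "INVALID", None
    directive = parts[0].upper()
    if len(parts) == 1:
        if directive == "DENY":
            return "DENY", None
        if directive == "SAMEORIGIN":
            return "SAMEORIGIN", None
        return "INVALID", None
    # Two tokens: only "ALLOW-FROM <serialized-origin>" is allowed.
    origin = parts[1].strip()
    if directive == "ALLOW-FROM" and _ORIGIN_RE.match(origin):
        return "ALLOW-FROM", origin
    return "INVALID", None


def x_frame_options_values(raw_response: str) -> List[str]:
    """Collect every X-Frame-Options value (name matched case-insensitively)
    from the header section of a raw HTTP response."""
    values = []
    for line in raw_response.splitlines():
        if line.strip() == "":
            break  # end of headers; ignore any body
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values.append(val.strip())
    return values


def audit_response(raw_response: str) -> Tuple[str, Optional[str]]:
    """Classify the framing protection a raw response actually provides.

    "MISSING" when no header is present; "INVALID" when the header is
    malformed or when several headers disagree (browser handling of
    conflicting values varies, so a defender should not rely on it).
    """
    values = x_frame_options_values(raw_response)
    if not values:
        return "MISSING", None
    verdicts = {classify_x_frame_options(v) for v in values}
    if len(verdicts) != 1:
        return "INVALID", None
    return verdicts.pop()


# Constructed sample responses (not real captures from Paypal).
SAMPLE_BROKEN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: ALLOW\r\n"  # the value the question's console error reports
    "\r\n"
    "<html>...</html>"
)
SAMPLE_SAMEORIGIN = "HTTP/1.1 200 OK\r\nx-frame-options: SAMEORIGIN\r\n\r\n"
SAMPLE_ALLOW_FROM = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: ALLOW-FROM https://shop.example\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in [("broken", SAMPLE_BROKEN),
                       ("sameorigin", SAMPLE_SAMEORIGIN),
                       ("allow-from", SAMPLE_ALLOW_FROM)]:
        print(label, "->", audit_response(raw))
```

Running the script reports the first sample as INVALID, which is exactly the situation in the question: the browser discards the header, so the Paypal page is framed by the Magento checkout without any X-Frame-Options restriction in force, and the console warning is the only visible trace of it.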

Licensed under: CC-BY-SA with attribution