X-Frame-Options forbidding redirect to PayPal
https://stackoverflow.com/questions/7271737
-
18-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've got a payment system that won't redirect to paypal because of the error: "Refused to display document because display forbidden by X-Frame-Options." The form is posted and the proper redirect url is made, but there is no response returned from the paypal queries:
This redirects properly to the next query: https://www.sandbox.paypal.com/webscr&cmd=_express-checkout&token=xxx
This shows no response: https://www.sandbox.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=xxx&dispatch=xxx
If I cut and paste the first query into the browser, it redirects to paypal, when running from the application (in Chrome) however, I get the X-Frame-Options error. (or in Firefox, nothing)
La solution
This means that Paypal doesn't allow you to use Paypal in an iframe. You should not use Payapl in an iframe.
Autres conseils
I am getting the same issue with Sandbox and I found that it fixed after I remove all *.paypal.com cookies.
Just add: target="_blank" to form
In my case, it was mismatching environment name [sandbox/production] with clientId
If you want to run Express Checkout in an iFrame, see Digital Goods for Express Checkout: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_IntroducingExpressCheckoutDG
You'll need to have it turned on in the sandbox by PayPal's Tech team before you can use it.
I'm currently working with paypal. You could, at first, think "Hey! tons of doc!! yay!", but it actually SUCKS. Tons of doc that assume you already know what you're looking for. Try the following JS code (you should have already invoked setExpressCheckout method and have a token):
$(document).ready(function() {
//asynchronously fetch paypal's javascript
jQuery.getScript('https://www.paypalobjects.com/js/external/dg.js', function(){console.debug("javascript loaded");});
});
//the handler that opens the iframe should be the following. This code assumes token variable has already been initalized
var dg = new PAYPAL.apps.DGFlow({trigger:null, expType:"light"});
dg.startFlow('https://www.sandbox.paypal.com/incontext?token=' +token);
The only thing I needed here whas the F***NG correct URL to use for testing (sandbox environment).
By the way, make sure you are logged in into your sandbox account before testing ;)
