I got this email from Paypal today, so just passing it along.
Starting the 7th of October, 2013, we will require all incoming requests to have a “Host†header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request†errors after the 7th of October, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.
Action Required before the 7th of October, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host†and “Connection: close†HTTP header in the IPN postback script.
Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):
ASP
//Set values for the request back
req.Method="POST";
req.Host="'www.paypal.com'";
req.ContentType="application/x-www-form-urlencoded";
Perl
$req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');
$req->content_type('application/x-www-form-urlencoded');
$req->header(Host=> 'www.paypal.com');
$req->header(Connection=> 'close');
PHP
// post back to PayPal system to validate
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n\r\n";
The PayPal Sandbox has been configured to reject any HTTP requests without the “Host†header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.
For more information on PDT and IPN, please refer to www.paypal.com/pdt and www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via www.paypal.com/mts.
Please enter your server specs in your user profile! 😢
PhoenixOffline
Joined: Mar 18, 2004
Posts: 1543
Location: Netosphere
Thanks - there's a bit more to it than that, but no problem. I also have to update Storez.
I modified the SMF versions last year and updated them again last month, and they work fine. Just a matter of getting to the DF, VB and MYBB versions, soon.
If you check the log section, any PayPal visit should be there.
Somewhere in your PayPal account is an area that lets you know of any return IPN issues - if it can't reach your site for whatever reason, it pauses and comes back several times. Mind you, if that becomes a frequent occurrence, PayPal gets a little testy and lets you know.
Basically update.inc monitors elapsed subscribers, so it won't affect your IPN.
Since I had already tested the changes on SMF, vB and MyBB sites, I didn't run a sandbox test on DF - looks like I'll have to do it after all.
Edit: hmm, just did a test and got this - you have an extra url in your return address - not sure yet whether this arises from you or me, though I don't get it on my site, albeit the DonationsPro version. <div style="text-align:center; margin-top:5px;">
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="cn" value="Comments" />
<input type="hidden" name="image_url" value="http://junglewraiths.net/images/http://www.junglewraiths.net/images/logo.gif" />
<input type="hidden" name="notify_url" value="http://junglewraiths.net/http://www.junglewraiths.net/ipntreas.php" />
<input type="hidden" name="cancel_return" value="http://junglewraiths.net/http://www.junglewraiths.net/index.php?name=Treasury" />
<input type="hidden" name="return" value="http://junglewraiths.net/http://www.junglewraiths.net/index.php?name=Treasury&file=thanks" />
<input type="image" src="modules/Treasury/images/x-click-but04.gif" name="I1" style="border:0; width:62px; height:31px;" />
</div>
Attachment:
jungle.png
Description
Filesize
20.00 KiB
Viewed
0 Time(s)
You are not allowed to view/download this attachment
Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):