Sandbox paypal is not redirecting the user to success page [closed]

About

Asked 9/8, 2018 at 12:39 Answered 9/8, 2018 at 12:39

I have sandbox paypal business account and It working fine till yesterday but as of now user able successfully pay the amount from paypal and the transaction also reflects in my account but after that its not redirected user to the website success page.Its redirected user to cancel page after some time.
I got following errors in console,

Failed to load resource: the server responded with a status of 500 (Internal Server Error)

util.js:154 Refused to send form data to 'https://websitename/PayPalConfirmation' because it violates the following Content Security Policy directive: "form-action 'self' https://.paypal.com https://.cardinalcommerce.com".

Anybody can please help?

Abound answered 9/8, 2018 at 12:39 Comment(5)

Same issue here, it seems to depends on new Chrome Security Policies, I think PayPal has to fix this by whitelisting the destination website as a security policy of the form. I think this must having big impact worldwide but it's recent issue. If someone knows a workaround please help! – Inartistic 10/8, 2018 at 17:17

Just ran into this issue too. Getting this error the moment the PayPal code tries to execute their form.submit() after the 10 second timeout: "...because it violates the following Content Security Policy directive: "form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com"." Happens also if users click the "If you're not redirected to [Business Name] Test Store in 10 seconds, click here." Does anyone know if this is happening on live (non-sandbox) environments too? – Hoodoo 10/8, 2018 at 21:10

Just tried it in Firefox with this message shown snag.gy/1nuxic.jpg which gives users option to redirect to a non-https page. Luckily our live server has an SSL cert so I'm guessing it's not seeing this issue. Still, with that being said Chrome could handle it better than they are. Didn't test Safari or Edge. FF version tested in was for macOS 61.0.1 (64-bit). – Hoodoo 10/8, 2018 at 21:17

Giacomo is right. This is an issue with Paypal's Content Security Policy. CSP is a feature of browsers to prevent loading content from third-party domains. Currently PP only allows this for form actions: "form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com". They will have to dynamically add the return url to the CSP for the return url from the merchant. This is the message I got from Paypal....This is a known issue that our engineering team is working on. When they have a fix I will reach out via this ticket and update you. – George 11/8, 2018 at 21:30

I have the same issue - Please update when you got a fix! :) – Carduaceous 13/8, 2018 at 7:36

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags