X-Frame-Options forbidding redirect to PayPal
E

6

6

I've got a payment system that won't redirect to PayPal because of the error: "Refused to display document because display forbidden by X-Frame-Options." The form is posted and the proper redirect URL is made, but there is no response returned from the PayPal queries:

This redirects properly to the next query: https://www.sandbox.paypal.com/webscr&cmd=_express-checkout&token=xxx

This shows no response: https://www.sandbox.paypal.com/us/cgi-bin/webscr?cmd=_flow&SESSION=xxx&dispatch=xxx

If I cut and paste the first query into the browser, it redirects to PayPal. When running from the application (in Chrome), however, I get the X-Frame-Options error (or in Firefox, nothing).

Et answered 1/9, 2011 at 14:22 Comment(0)
C
3

This means that PayPal doesn't allow you to use PayPal in an iframe. You should not use PayPal in an iframe.

Callie answered 1/9, 2011 at 14:37 Comment(7)
But it was working before; now all of a sudden it doesn't work. - Et
Maybe PayPal just added this X-Frame-Options header. - Callie
So I should be able to switch to an older version of PayPal and it should work? I tried that too already. Or did they add it to all versions for security purposes? - Et
Yes, that's clearly a security measure; this is a protection against click-jacking and things like that. - Callie
But that would break any site with iframes already in place. It would have to be version specific. - Et
Actually, as long as you put target="_top" in the form tag in the iframe, it will work. - Et
If the same iframe for PayPal express checkout is opened from Germany then it opens, but if we try to open it from India then it's restricted with X-Frame-Option: Origin header. It seems PayPal allows/restricts based on country also. - Darrickdarrill
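
Why the framed load is refused while a form with target="_top" goes through, as an added example that is not part of the original answers: a simplified JavaScript model of the check browsers apply to X-Frame-Options, following the algorithm in the HTML Standard. The function name, its parameters and any origins passed to it are assumptions made for illustration.

```javascript
// Simplified model of the browser-side X-Frame-Options check (added example).
// headerValues:         raw X-Frame-Options header values on the response
// responseOrigin:       origin of the document being loaded
// ancestorOrigins:      origins of the framing documents, parent first;
//                       an empty array means a top-level navigation
// hasFrameAncestorsCsp: response carries an enforced CSP frame-ancestors directive
function xfoAllowsDisplay(headerValues, responseOrigin, ancestorOrigins,
                          hasFrameAncestorsCsp = false) {
  // The header only governs framed loads. A top-level navigation, such as
  // a form submitted with target="_top", is never blocked by it.
  if (ancestorOrigins.length === 0) return true;

  // CSP frame-ancestors supersedes X-Frame-Options; that check is separate.
  if (hasFrameAncestorsCsp) return true;

  // Split comma-separated values, lowercase them and de-duplicate.
  const values = new Set(
    headerValues
      .flatMap(v => v.split(','))
      .map(v => v.trim().toLowerCase())
      .filter(v => v !== '')
  );

  const known = ['deny', 'allowall', 'sameorigin'];
  if (values.size > 1) {
    // Conflicting recognised directives fail closed;
    // a set made up only of unknown tokens is ignored.
    return !known.some(k => values.has(k));
  }

  if (values.has('deny')) return false;

  if (values.has('sameorigin')) {
    // Every ancestor must share the response's origin, not just the top one.
    return ancestorOrigins.every(o => o === responseOrigin);
  }

  // No header, "allowall", or an unrecognised value such as "allow-from ...".
  return true;
}
```
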
L
3

I was getting the same issue with Sandbox, and I found that it was fixed after I removed all *.paypal.com cookies.

Lubumbashi answered 7/6, 2016 at 9:15 Comment(0)
S
1

Just add: target="_blank" to form

Susquehanna answered 22/5, 2013 at 11:3 Comment(1)
Works for me, easy but effective. - Mordvin
D
1

In my case, it was a mismatch of the environment name [sandbox/production] with the clientId.

Doomsday answered 10/3, 2017 at 23:40 Comment(0)
J
0

If you want to run Express Checkout in an iFrame, see Digital Goods for Express Checkout: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_IntroducingExpressCheckoutDG

You'll need to have it turned on in the sandbox by PayPal's Tech team before you can use it.

Jamiejamieson answered 1/9, 2011 at 17:33 Comment(0)
S
0

I'm currently working with PayPal. You could, at first, think "Hey! tons of doc!! yay!", but it actually SUCKS. Tons of doc that assume you already know what you're looking for. Try the following JS code (you should have already invoked the setExpressCheckout method and have a token):

$(document).ready(function() {
    //asynchronously fetch paypal's javascript
    jQuery.getScript('https://www.paypalobjects.com/js/external/dg.js', function(){console.debug("javascript loaded");});
});

// The handler that opens the iframe should be the following. This code assumes the token variable has already been initialized.
var dg = new PAYPAL.apps.DGFlow({trigger:null, expType:"light"});
dg.startFlow('https://www.sandbox.paypal.com/incontext?token=' +token);

The only thing I needed here was the F***NG correct URL to use for testing (sandbox environment).

By the way, make sure you are logged in to your sandbox account before testing ;)

Saltigrade answered 5/10, 2011 at 13:55 Comment(0)
