Paypals sandbox stopped supporting HTTP 1.0 and only supports HTTP 1.1 according to the announcement below
https://www.paypal-notify.com/eventnotification/event_details?eventId=4283
The same will be done to the live payment endpoints later this month.
Due to the above change, when trying to make an express checkout payment, you get the following
Access Denied
You don't have permission to access "http://api-3t.sandbox.paypal.com/nvp" on this server.
Reference #18.a85e6cc1.1394550086.2c263a0 [protocol] => HTTP/1.0 [status_message] => Forbidden [headers] => Array ( [server] => AkamaiGHost [mime-version] => 1.0 [content-type] => text/html [content-length] => 285 [expires] => Tue, 11 Mar 2014 15:01:26 GMT [date] => Tue, 11 Mar 2014 15:01:26 GMT [connection] => close ) [code] => 403 [error] => Forbidden )
| Comment | File | Size | Author |
|---|---|---|---|
| #8 | paypal_payment_2242123_8.patch | 706 bytes | xano |
Comments
Comment #1
xanoThanks for reporting this API change!
This is going to be challenging, since the module uses
drupal_http_request(), which hardcodes the HTTP 1.0 protocol. We may need to rewrite the code to use an entirely different method of making HTTP requests.Comment #2
_dcre_ commentedJust an update of a quick fix that seems to work.
The problem in our case was in the paypal_payment/includes/PayPalPaymentNVPAPIPaymentMethodControllerBase.inc
in function NVPAPIRequest(array $nvp_request, Payment $payment) where the http request is done through the 'drupal_http_request'
What we did was to install the 'cURL HTTP Request' module (https://drupal.org/project/chr) and replace the 'drupal_http_request' function call with the 'chr_curl_http_request'
The above seems to solve the problem at this specific point, since the chr_curl_http_request makes use of HTTP 1.1
Of course, any further info or advice about the issue would be appreciated and i would be glad to help in any other way i can.
Comment #3
xanoThanks for sharing that fix! It's an easy and good solution, but we cannot simply break backwards compatibility by introducing another dependency. I'll take a look at that code and see if we can solve temporarily this by adding some custom code, or maybe we can update Drupal core.
Comment #4
_dcre_ commentedOk, i would love to know what you decide on this.
Comment #5
xanoCould you review this, please?
Comment #7
xanoLet's see if we can #2242123: Make drupal_http_request() support HTTP 1.1. The reason the patch failed, is that replacing
drupal_http_request()with cURL requires quite a bit of code.Comment #8
xanoPlease test the attached patch after applying #2242123: Make drupal_http_request() support HTTP 1.1 to Drupal core first.
Comment #9
_dcre_ commentedPatch paypal_payment_2242123_8.patch does not work for me, for the exrpress checkout case.
The request is never done, or the response never returns, i am not sure.
I also get a 'Caution provisional headers are shown' message in chrome console
Comment #10
xanoHave you tried the patch along with the one from #2242123: Make drupal_http_request() support HTTP 1.1?
Comment #11
_dcre_ commentedYes, exactly. First i applied the #2242123: Make drupal_http_request() support HTTP 1.1 and then the paypal_payment_2242123_8.patch.
Have you tried it for an express checkout payment method??
Comment #12
stiggy avfc commentedComment #14
xanoWe can either require cURL HTTP Request, or build a somewhat elaborate check to see if
drupal_http_request()is capable of making HTTP 1.1 requests.Comment #15
rreiss commentedI've created a patch for commerce_paypal which may be helpful for you guys..
@see https://www.drupal.org/node/2263585#comment-11206959
Comment #16
malcolmp commentedInstallingcURL HTTP Request as mentioned above and going to admin/config/services/chr and setting it to override drupal http request fixed the issue for me. No patch needed.
Comment #18
torotil commentedBeginning with the next release paypal_payment will explicitly depend on chr.