I'm testing out this module now in conjunction with the Node Checkout module. I am logged in as a authenticated user and can get all the way through checkout until I am redirected back to the site. I am redirected to this page:

/checkout/15/payment/return/GSudAHSfaC6km6N5qbLb8jNB8Wu3x3DZ0TzvWT0O4io?payment_method=paypal&token=EC-5Y966101448403611&PayerID=HF6BGTV3LGDT4

I get an Access Denied error. The order is not processed.

When testing this process as User1 I am redirected back to the site to the "checkout/[order_no]/paypal_ec" page where I can confirm my order and click "Pay Now".

I can't see that I am missing any permissions that would prevent anything. I also can't see where I would specify the page to return the user to at this point in the process. Any thoughts?

Comments

capellic’s picture

Do you have the Security Kit module installed? I do and I found this in my watchdog log:

Type	access denied
Date	Thursday, August 20, 2015 - 10:47
User	cgcuser1
Location	https://mysite.com/checkout/6/payment/return/DPqJU_W3NNxhkEVYUA0qeDkgsYi1FM8JF0u1UNCIcgA
Referrer	https://pilot-payflowlink.paypal.com/processTransaction.do
Message	checkout/6/payment/return/DPqJU_W3NNxhkEVYUA0qeDkgsYi1FM8JF0u1UNCIcgA
Severity	warning
Hostname	108.5.255.117

This comment (https://www.drupal.org/node/2403591#comment-9630361) clued me into this problem with Security Kit. But instead of turning off "HTTP Origin" I added the PayPal domain to the "Allow requests from" field, e.g. https://pilot-payflowlink.paypal.com

obuck’s picture

capellic #1 fixed my problem, since I have Security Suite installed. I was working with the Paypal Sandbox, so I had to set 'Allow requests from' to https://pilot-payflowlink.paypal.com,https://www.sandbox.paypal.com