Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No Referrer Request Header in form post #24

Open
MathewWoodhall opened this issue Jan 8, 2019 · 7 comments
Open

No Referrer Request Header in form post #24

MathewWoodhall opened this issue Jan 8, 2019 · 7 comments

Comments

@MathewWoodhall
Copy link

Hi,
we have an issue with our implementation using the embedded method. Everything is working great in sandbox mode but once we remove sandbox and switch to live we get...

'505 You cannot use this service from there null Please contact the merchant.'

Looking at the request headers for the form data post to https://pay.elavonpaymentgateway.com/pay we can see Origin: null. Also no referrer header is present in the headers. Is this causing the 505 error?

Anyone ran into this issue or know of a solution?

Thanks for any help.
@MathewWoodhall MathewWoodhall changed the title Origin Null and no Referrer Request Header Origin Null and no Referrer Request Header in form post Jan 8, 2019
@MathewWoodhall
Copy link
Author

We've narrowed the issue down to the missing referrer request header - by testing with the referrer manually added using the 'referer control' chrome extension the live setup works.

So how can we add the referrer header to the request? I've tried setting the referrer meta tag of the hpp and parent page to 'origin' but it makes no difference.

@MathewWoodhall MathewWoodhall changed the title Origin Null and no Referrer Request Header in form post No Referrer Request Header in form post Jan 8, 2019
@NC2019
Copy link

NC2019 commented May 9, 2019

@MathewWoodhall - Did you solve this? I have exactly the same issue.

@MathewWoodhall
Copy link
Author

@MathewWoodhall - Did you solve this? I have exactly the same issue.

I came up with the following work around which has been fine for us for the past few months. If I remember right the issue stems from the iframe needing a src attribute(without one the referrer and origin will not be sent with the initial request to https://pay.elavonpaymentgateway.com/pay) so we changed the iframe html to:

<iframe id="targetIframe" src="assets/loading-iframe.html" (load)="innitHPP()"></iframe>

and loading-iframe.html has the following content:

<!doctype html>
<html>
	<head>
		<meta name="referrer" content="origin">
	</head>
	<body>
		Loading...
	</body>
</html>

When initting the hpp you will see 'Loading...' breifly and the request to 'https://pay.elavonpaymentgateway.com/pay' should have the required origin and referrer.

Hope this helps.

@artur-bartlinski
Copy link

Hi,

I have the same issue after we updated to the newest version of this library. With older version it did make any difference if 'Origin' was null or not. It does make difference now.
I was necessary to update to new version, because support for 3DSv2 was needed.

As @MathewWoodhall mentioned it works fine if we request to snadbox, but as soon as we set domain to 'https://pay.realexpayments.com/pay' then we get error.

This code we added to our checkout page:

$(document).ready(function () {
RealexHpp.setHppUrl(realexDomain);
RealexHpp.lightbox.init("checkout-button", "/basket/response", data);
});

'data' comes from backend (we use https://github.com/realexpayments/rxp-hpp-php):

$realexHpp = new \com\realexpayments\hpp\sdk\RealexHpp($sharedSecret);
$realexHpp->requestToJson($hppRequest, false);

I could not resolve it so far. Any help is much appreciated.

@heinrich-fresh
Copy link

I have the exact same issue. the solution from @MathewWoodhall which seems to work on our dev server but it is inconsistent so sometimes the iframe loads other times it does not.

So this is definitely a problem. I played around with the rxp-js code to see if I can get it working but it does not want to work at all.

@spagu
Copy link

spagu commented Dec 18, 2020

Any progress on this one?

@carlbradwell17
Copy link

carlbradwell17 commented Dec 18, 2020
edited
Loading

I have used the same solution as @MathewWoodhall, where the iframe must initially load a local page with in the head, which ensures the Origin and Referrer headers are set.

I also then encountered the same issue described by @heinrich-fresh, where sometimes the iframe would not load, i.e. sometimes it would be stuck on "Loading...".

I believe the issue was caused by identifying when to call the RealexHpp.embedded.init() method.

You cannot load it on $(document).ready() because this is when the parent document is loaded, not the document within the iframe src (which we need for the Origin and Referrer headers to be correct). I then tried using the iframe's load() event, but this proved inconsistent.

My current solution utilizes JS postMessage function, so the iframe tells the enclosing document when to call it. This will only work if the iframe src document is in the same origin as the enclosing document.

So the iframe src document includes:

<head>
<meta name="referrer" content="origin" />
<script>
$(document).ready(function() {
	
	setTimeout(function () {
		window.parent.postMessage(
			"iframe ready",
			https://www.myurl.com
		);
	}, 200);
	
});
</script>
</head>

The enclosing document includes:

<script>
$(document).ready(function() {
$(window).on("message", function(e) {
		var data = e.originalEvent.data;
		
		if(data === "iframe ready") {
			
		RealexHpp.setHppUrl("someurl");
		RealexHpp.embedded.init();
		}
	});
});
</script>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@spagu @MathewWoodhall @artur-bartlinski @carlbradwell17 @NC2019 @heinrich-fresh