The PCI Security Standards Council mandated that all payment processors and ecommerce merchants upgrade their systems to a higher version of TLS by June 30, 2018. To avoid any disruption of services, ensure your systems are ready. Please direct any questions HERE
Upcoming Change to PayPal Subscriptions Beginning May22nd 2018, changes will be made to the way PayPal creates, manages, and displays subscriptions. Click here for an FAQ related to the upcoming changes being made to PayPal subscriptions.
We are using WooCommerce and after the customer's payment has been successfully taken via Paypal the customer sees a Paypal confirmation page with a 'Return to Merchant' button at the bottom, however the button does not work. In Paypal account preferences Auto-return is off so NOT expecting it to auto-return.
In Chrome's Inspector there is an error in the Console that says: Refused to send form data to 'https://mydomain.com/checkout/order-received/3083/?key=wc_order_5b6c0b0b81314&utm_nooverride=1' because it violates the following Content Security Policy directive: "form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com
From further reading I believe a Content Security Policy (CSP) needs adding either to the website .htaccess file or to a meta tag on the return page. Or I see there is a 'WP Content Security Policy' plugin, would that fix it? Anyone else had experience with this CSP error?
I am facing the same error after the TLS security has been updated. In sandbox, the payment is successfull but the return to merchant button is not working. There is a console error as it is not allowed to submit POST call form to redirect a 3rd party site.
Please help me on this.
This is an issue with Paypal's Content Security Policy. CSP is a feature of browsers to prevent loading content from domains you don't want content to load from. Their policy currently only allows this for form actions:
"form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com".
They will have to dynamically add the return url to the CSP for the return url from the merchant.
Here is the message I got from Paypal:
Thank you for contacting PayPal Merchant Technical Support. I am happy to assist you with this.
This is a known issue that our engineering team is working on. When they have a fix I will reach out via this ticket and update you.
Global Technical Support
OMG yes thank you for the answers. I registered an account just to find out more/post this issue. It's becoming a big issue for sites we built on woocommerce + paypal.
I Have 2 websites and i got same problems on them,
just the problem is new, i didnt had that problem before 4-5 days !
i hope someone can get the reason and solution for that.