I reply to the sandbox url with the same message I get from the IPN (prefixed with cmd=_notify-validate)
and this error comes back from the paypal server:
status code/message: Forbidden (403)
body: {"coBrand":"us","currentYear":2018,"viewName":"response500","showFooter":{"type":"imageAndContent"},"rootTxn":{"name":"signin_csrftoken_error","data":{"msg":"CSRF error: CSRF token missing"},"status":"0"},"csrfError":true,"genericErrorCode":"cookieDisabled"}
When I sniffed with Chrome dev tools or Fiddler the request coming out of IPN simulator I've noticed that a csrf_token is presend both as a header and on the body.
But the message that gets to my IPN listener eventually doesn't contain it.
What could be the problem?
... View more