[Done v1.3.9e]Auth.Net SIM - Safari checkout_success page= Bad links no css or images

[stride-r]

I can also state that i believe this is a new phenomena as I ran a number of SIM Auth.net test transactions (via Safari) through the site as recent as 30 days ago ...and it worked fine then. The issue seems to be something new.

[dharma]

The way zc's Authorize.Net SIM works is the customer is taken to : https://secure.authorize.net/gateway/transact.dll after the confirmation page, fills in their details and if approved Authorize.Net grabs your HTML of checkout_success page and displays it on their website, thats why the URL is https://secure.authorize.net/gateway/transact.dll .

Up until a few weeks ago all browsers including safari displayed this "forwarded HTML" perfectly. Now however Safari's new version (5) ignores your <base> (mysite.com) html of the code and replaces it with (secure.authorize.net)'s because that is the site you are on.

So images are https://secure.authorize.net/gateway/images/product.jpg

instead of https://mysite.com/images/product.jpg

I think this is not a bug but a new security feature that apple has added. So their is no immediate solution to Safari customers, unless the zc coding is changed to work like paypal (customer is sent back to your site for success page) or all the <base> href are changed to absolute URL's on the success page.

This may seem like a small issue now, as it only affects Safari users on shops that use Authorize.Net SIM, but I think in time with more shops turning from AIM to SIM because of PCI liability and spoofing being more of an issue, most browsers will function this way.

[DrByte]

Using Safari the customer sees and completes the Authorize.net SIM payment page, clicks submit (and is approved) Authorize.net grabs the "checkout_success" page from my store and displays on "https://secure.authorize.net/gateway/transact.dll" missing CSS, images and some of the links are bad (page hyper links are via https://secure.authorize.net/ not https://mystore.com/ )

All other browsers work fine except safari (Windows) and safari mac (v. 4 & 5).


When I set up Authorize.net SIM a few weeks ago, I tested it with safari and it displayed correctly. I am running zen cart 1.39d and 138a both show this issue. My "response" and "receipt" URL settings in my Authorize.net Merchant Profile are left BLANK. I am using the MD5 Hash.

I have already called Authorize.net and they say its a problem with the zc code, which on my 138a store has not changed since installing SIM. Does anyone else see this issue?

The way zc's Authorize.Net SIM works is the customer is taken to : https://secure.authorize.net/gateway/transact.dll after the confirmation page, fills in their details and if approved Authorize.Net grabs your HTML of checkout_success page and displays it on their website, thats why the URL is https://secure.authorize.net/gateway/transact.dll .

Up until a few weeks ago all browsers including safari displayed this "forwarded HTML" perfectly. Now however Safari's new version (5) ignores your <base> (mysite.com) html of the code and replaces it with (secure.authorize.net)'s because that is the site you are on.

So images are https://secure.authorize.net/gateway/images/product.jpg

instead of https://mysite.com/images/product.jpg

I think this is not a bug but a new security feature that apple has added. So their is no immediate solution to Safari customers, unless the zc coding is changed to work like paypal (customer is sent back to your site for success page) or all the <base> href are changed to absolute URL's on the success page.

This may seem like a small issue now, as it only affects Safari users on shops that use Authorize.Net SIM, but I think in time with more shops turning from AIM to SIM because of PCI liability and spoofing being more of an issue, most browsers will function this way.

Problem noted. Research in progress. Very little technical information available on the what/why aspects of the browser changes.

[DrByte]

You can try the following hack by replacing the following files with the files in the attached zip:
This is ONLY SUITABLE FOR v1.3.9d:
/includes/modules/payment/authorizenet.php
/includes/modules/checkout_process.php (no significant changes)
/includes/modules/checkout_process/header_php.php
/includes/modules/checkout_success/header_php.php

NOTE: These changes will be included in v1.3.9e

[dharma]

I uploaded the new files:

/includes/modules/payment/authorizenet.php
/includes/modules/checkout_process.php (no changes)
/includes/modules/checkout_process/header_php.php
/includes/modules/checkout_success/header_php.php


and ran a test with Safari 5 and it works perfectly!

After the customer clicks submit on the https://secure.authorize.net/gateway/transact.dll page they are sent to a white page with centered text explaining something (loads/forwards in under a second, too fast to read) this page forwards to mysite.com's checkout_success page with CSS, images and working links!

yay!

Will this "hack" be added to the core code in the next release of 1.3.9e?

I'm a bit cautious about running custom/beta code with payment modules esp. seeing this in the new coding:

PHP Code:

MODULE_PAYMENT_AUTHORIZENET_MD5HASH == 'DANGEROUSLY-BYPASSED 


[DrByte]

The changes will be included in v1.3.9e and newer.

The code about which you claim to be alarmed is commented-out, and therefore irrelevant.

[dharma]

Smokin'! Thanks Dr. Byte!