PayPal RESTful API Payment Module

[lat9]

I have a question.... I noticed that sometimes when you check out and the paypal window popup up. If I click on guest checkout and put an email address in it just keeps spinning. This happens a lot but not all the time. Is this a paypal issue or a zencart issue.

Attachment 21181

You've not provided enough information to determine whether the source of the issue lies with PayPal or Zen Cart. If you activate your browser's Developer Tools (by pressing F12 on a Windows computer) and view the "Console" tab, that will show any javascript/jQuery type issues going on.

[andy_77]

@lat9

Got this payment module up and running smoothly, and thought it would be a good idea to add spaces when a customer starts typing in a credit card number, e.g with a mastercard if a customer types in the 16 digit card number, it automatically creates a blank space after each forth number, and with Amex where numbers are slightly different, the blank space are created where they should go.

Thought this to be a good idea, as it may confuse customers whether to type in the card number without spaces or not; but by having it automatically applied as they type confirms how the number should be entered.

Also, got the card logo to show for the card that's being used as well, once the first card digits get entered.

E.G: Customer uses a mastercard, as soon as they type the first 4 digits, a mastercard logo appears.

Got this working; just got a few final tweaks to make, and wanted to know if this would be something that you'd like to push into a future update of the payment module?

If so; happy to provide a pull request, once the final tweaks have been made.

Kind Regards,

Andy

[chadlly2003]

You've not provided enough information to determine whether the source of the issue lies with PayPal or Zen Cart. If you activate your browser's Developer Tools (by pressing F12 on a Windows computer) and view the "Console" tab, that will show any javascript/jQuery type issues going on.

These are the errors that come up with paypal popup. It does work.
Though its very random. Seems like when i use firefox it where i see it happen more than usual. I click on guest checkout and type in email and it just spins
Not sure if this is a permission issue. Or an issue on paypal site.

errors within th paypal page

Code:

Cookie “__cflb” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.
Cookie “__cf_bm” has been rejected for invalid domain. api.js
Cookie “__cf_bm” has been rejected for invalid domain. hcaptcha.html
Cookie “__cf_bm” has been rejected for invalid domain. hcaptcha.html
Cookie “__cf_bm” has been rejected for invalid domain. checksiteconfig
Cookie “__cf_bm” has been rejected for invalid domain. hsw.js

[chadlly2003]

These are the errors that come up with paypal popup. It does work.
Though its very random. Seems like when i use firefox it where i see it happen more than usual. I click on guest checkout and type in email and it just spins
Not sure if this is a permission issue. Or an issue on paypal site.

errors within th paypal page

Code:

Cookie “__cflb” has been rejected because it is in a cross-site context and its “SameSite” is “Lax” or “Strict”.
Cookie “__cf_bm” has been rejected for invalid domain. api.js
Cookie “__cf_bm” has been rejected for invalid domain. hcaptcha.html
Cookie “__cf_bm” has been rejected for invalid domain. hcaptcha.html
Cookie “__cf_bm” has been rejected for invalid domain. checksiteconfig
Cookie “__cf_bm” has been rejected for invalid domain. hsw.js

also getting this error forgot to post it


Content-Security-Policy: The page’s settings blocked a JavaScript eval (script-src) from being executed because it violates the following directive: “script-src 'nonce-xxxxxxxxxxxxxxx' 'self' https://*.paypal.com https://*.paypalobjects.com https://*.googleapis.com” (Missing 'unsafe-eval')

[Shop Suey]

Do you have any XSS configured at your .htaccess?

[chadlly2003]

Do you have any XSS configured at your .htaccess?

this is a copy of my .htaccess. Usually i am fairly good at solving these issue. buto for some reason this has me stumped

this is a copy of my htaccess file

Code:

Options -Indexes

RewriteEngine On

# Force HTTPS + WWW in a SINGLE redirect
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.invertersupply\.com$ [NC]
RewriteRule ^(.*)$ https://www.invertersupply.com/$1 [L,R=301]

AddType application/x-font-ttf .ttf

<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google-gtagservices.com https://www.googleadservices.com https://*.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://mylivechat.com https://t2.mylivechat.com https://www.shopperapproved.com https://cdn.doofinder.com https://us1-config.doofinder.com https://maps.googleapis.com https://www.paypal.com https://www.paypalobjects.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://www.google.com https://cdn.jsdelivr.net https://mylivechat.com https://t2.mylivechat.com https://www.shopperapproved.com https://www.googleadservices.com https://*.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://cdn.doofinder.com https://us1-api.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://www.paypal.com https://www.paypalobjects.com; img-src 'self' data: https://invertersupply.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://*.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://www.shopperapproved.com https://mylivechat.com https://t2.mylivechat.com https://maps.gstatic.com https://www.paypalobjects.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.doofinder.com https://t2.mylivechat.com https://code.jquery.com https://www.shopperapproved.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.doofinder.com https://t2.mylivechat.com https://code.jquery.com https://www.shopperapproved.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src https://www.googletagmanager.com https://www.google.com https://mylivechat.com https://t2.mylivechat.com https://www.googleadservices.com https://*.doubleclick.net https://www.facebook.com https://www.paypal.com; form-action 'self' https://www.facebook.com https://www.invertersupply.com https://www.paypal.com; frame-ancestors 'self'; upgrade-insecure-requests;"
</IfModule>

<Files 403.shtml>
order allow,deny
allow from all
</Files>

Header set Set-Cookie HttpOnly;Secure

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php8_module>
   php_flag display_errors Off
   php_value max_execution_time 999999
   php_value max_input_time 999999
   php_value max_input_vars 1000
   php_value memory_limit 999999M
   php_value post_max_size 999999M
   php_value session.gc_maxlifetime 2880
   php_value session.save_path "/var/cpanel/php/sessions/nf-php74"
   php_value upload_max_filesize 999999M
   php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors Off
   php_value max_execution_time 999999
   php_value max_input_time 999999
   php_value max_input_vars 1000
   php_value memory_limit 999999M
   php_value post_max_size 999999M
   php_value session.gc_maxlifetime 2880
   php_value session.save_path "/var/cpanel/php/sessions/nf-php74"
   php_value upload_max_filesize 999999M
   php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php82” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

[Shop Suey]

comment this for figuring out your issues:

<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google-gtagservices.com https://www.googleadservices.com https://*.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://mylivechat.com https://t2.mylivechat.com https://www.shopperapproved.com https://cdn.doofinder.com https://us1-config.doofinder.com https://maps.googleapis.com https://www.paypal.com https://www.paypalobjects.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://www.google.com https://cdn.jsdelivr.net https://mylivechat.com https://t2.mylivechat.com https://www.shopperapproved.com https://www.googleadservices.com https://*.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://cdn.doofinder.com https://us1-api.doofinder.com wss://*.doofinder.com https://maps.googleapis.com https://www.paypal.com https://www.paypalobjects.com; img-src 'self' data: https://invertersupply.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://*.doubleclick.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://www.shopperapproved.com https://mylivechat.com https://t2.mylivechat.com https://maps.gstatic.com https://www.paypalobjects.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.doofinder.com https://t2.mylivechat.com https://code.jquery.com https://www.shopperapproved.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.doofinder.com https://t2.mylivechat.com https://code.jquery.com https://www.shopperapproved.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src https://www.googletagmanager.com https://www.google.com https://mylivechat.com https://t2.mylivechat.com https://www.googleadservices.com https://*.doubleclick.net https://www.facebook.com https://www.paypal.com; form-action 'self' https://www.facebook.com https://www.invertersupply.com https://www.paypal.com; frame-ancestors 'self'; upgrade-insecure-requests;"
</IfModule>

[chadlly2003]

Shop Suey

even if i remove all of the above it still the same issue. I made video so i could actuallyu show you guys the issue

https://www.loom.com/share/bfa9a2557...7f94e825c777b9


As mentioned this happens randomly.

[Shop Suey]

Be aware of webserver caching timing.
It can be of course whatever but IMHO your xss comands aren't that format I 'd use or recommend.

Sorry but I don't watch any videos or loom etc.

[chadlly2003]

I am not seeing the errors anymore. No changes on my end.

I also believe that while testing on my live site, I may have submitted too many times in a short period of time, which could have temporarily triggered a block from PayPal.

This is just my assumption.

I’ll leave it to the customers from here—if I receive any feedback from them regarding this issue, I’ll share an update.