After a successful payment, if user clicks on the "Return to merchant" button from PayPal, he is redirected to page cart/checkout/complete
.
But at the same time, browser displays an unwanted scary security warning about moving to a http page from a https page.
At this point, user is forced to click whether "Continue" or "Cancel".
If user clicks "Continue", he will be then redirected to cart
with message "Thank you for your order! PayPal will notify us once your payment has been processed.", and can no longer see the useful information displayed on cart/checkout/complete
.
This is a major problem that can easily be fixed:
Instead of sending value 2 to PayPal for variable rm
(Return Method), 1 should be sent.
This way, the "Return to merchant" button is rendered as a simple link to cart/checkout/complete
and no security warning is displayed.
For information, rm=2 is only useful when you want to use POST data sent back by PayPal when returning to merchant. But page callback uc_paypal_complete
does not use it at all so it makes no sense here.
Comment | File | Size | Author |
---|---|---|---|
#2 | paypal_wps_return_warning-1535634-2.patch | 598 bytes | anrikun |
#1 | paypal_wps_return_warning-1535634-1.patch | 588 bytes | anrikun |
Comments
Comment #1
anrikun CreditAttribution: anrikun commentedThe very simple patch:
Comment #2
anrikun CreditAttribution: anrikun commentedThe same big patch for 7.x-3.x :-)
Comment #3
longwaveConfirmed and committed, thanks for the patches.
This may have to be revisited for #1421298: Is there any Paypal PDT support? but it's a quick fix for now.
Comment #4.0
(not verified) CreditAttribution: commentedFixed a typo.