Paypal rest API gives Internal Error - web-services

I have been working on the payment API. With the credit card payment method I am getting error code 500. I tried with a different payment type also, but I keep getting this error. Any workaround or solutions? I tried this with sandbox and production too.
Request header:
var header = {
    'Authorization': authstr,
    'Content-Type': 'application/json'
};
Request body:
{"intent":"sale","payer":{"payment_method":"credit_card","funding_instruments":[{"credit_card":{"number":"4341848462238769","type":"visa","expire_month":5,"expire_year":2021,"cvv":"982","first_name":"Delwin","last_name":"thomas","billing_address":{"line1":"111 First Street","city":"Saratoga","state":"CA","postal_code":"95070","country_code":"US"}}}]},"transactions":[{"amount":{"total":"18.46","currency":"USD"},"description":"Check Transaction"}]}
Response:
{"type":"http.ClientResponse","code":500,"headers":{"paypal-debug-id":"a656f7398753","Paypal-Debug-Id":"a656f7398753","Server":"Apache","Connection":"close","HTTP_X_PP_AZ_LOCATOR":"sandbox.slc","Set-Cookie":"X-PP-SILOVER=name%3DSANDBOX3.API.1%26silo_version%3D1880%26app%3Dapiplatformproxyserv%26TIME%3D1779291994%26HTTP_X_PP_AZ_LOCATOR%3Dsandbox.slc; Expires=Wed, 18 Apr 2018 09:48:34 GMT; domain=.paypal.com; path=/; Secure; HttpOnly","Vary":"Authorization","Content-Length":"0","Date":"Wed, 18 Apr 2018 09:18:34 GMT","Content-Type":"text/plain; charset=ISO-8859-1","Via":"1.1 mono003.prod.dub.netledger.com"},"body":""}

Related

CSRF follies when trying to log in to Django with Python requests/sessions

I'm trying to log in to Django using Python requests. There are old questions about this, but none of them are answered due to inadequate details.
There are two CSRF tokens involved in this. One is the cookie, and the other is part of the login form. I've verified that Chrome returns the cookie token in the cookies and the form token in the body, and my URL-encoded body matches the format of the one my browser passes back.
And yet I still get "Forbidden (CSRF token missing or incorrect.)" as my response. Can anyone suggest what I might be doing wrong?
My Python looks like this:
import requests
from bs4 import BeautifulSoup

def login(url, username, password):
    session = requests.Session()
    # Fetch the login page: sets the csrftoken cookie and renders the form token
    response = session.get(f"{url}/accounts/login/")
    print(f"First headers: {response.headers}")
    header_csrftoken = session.cookies['csrftoken']
    print(f"Header csrftoken: {header_csrftoken}")
    # Pull the hidden csrfmiddlewaretoken field out of the login form
    soup = BeautifulSoup(response.text, "html.parser")
    form = soup.find("form", {"id":"login-form"})
    found = form.find("input", {"name":"csrfmiddlewaretoken"})
    form_csrftoken = found['value']
    print(f"csrftoken2: {form_csrftoken}")
    data = {'csrfmiddlewaretoken': form_csrftoken, 'username': username, 'password': password, 'next': '/'}
    # POST the credentials with the content-type header exactly as in the failing attempt
    response2 = session.post(f"{url}/accounts/login/", data=data, headers={'content-type': 'x-www-form-urlencoded'})
    print(f"outgoing: {response2.request.body}")
    print(f"Headers: {response2.request.headers}")
First headers: {'Date': 'Mon, 20 Sep 2021 03:37:17 GMT', 'Server': 'WSGIServer/0.2 CPython/3.8.12', 'Content-Type': 'text/html; charset=utf-8', 'Expires': 'Mon, 20 Sep 2021 03:37:17 GMT', 'Cache-Control': 'max-age=0, no-cache, no-store, must-revalidate, private', 'Vary': 'Cookie, Origin', 'X-Frame-Options': 'DENY', 'Content-Length': '20609', 'X-Content-Type-Options': 'nosniff', 'Referrer-Policy': 'same-origin', 'Server-Timing': 'TimerPanel_utime;dur=16.402999999996837;desc="User CPU time", TimerPanel_stime;dur=3.0629999999973734;desc="System CPU time", TimerPanel_total;dur=19.46599999999421;desc="Total CPU time", TimerPanel_total_time;dur=21.546363830566406;desc="Elapsed time", SQLPanel_sql_time;dur=0;desc="SQL 0 queries", CachePanel_total_time;dur=0;desc="Cache 0 Calls"', 'Set-Cookie': 'csrftoken=FG9ronCxQUcIvT8iY79wF90CZjBKWFEhsB2sxVPYx4YQUZ5way1cHrazU46xk6Ig; expires=Mon, 19 Sep 2022 03:37:17 GMT; Max-Age=31449600; Path=/; SameSite=Lax'}
Header csrftoken: FG9ronCxQUcIvT8iY79wF90CZjBKWFEhsB2sxVPYx4YQUZ5way1cHrazU46xk6Ig
form_csrftoken: 8a0D501NMPJXmcCJiwt7BiFhTyrzJhQLV5TEeyeetZv5LizXuXlNDAPeOjWm7IUK
outgoing: csrfmiddlewaretoken=8a0D501NMPJXmcCJiwt7BiFhTyrzJhQLV5TEeyeetZv5LizXuXlNDAPeOjWm7IUK&username=myname&password=naistrai&next=%2F
Outgoing Headers: {'User-Agent': 'python-requests/2.25.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'content-type': 'x-www-form-urlencoded', 'Cookie': 'csrftoken=FG9ronCxQUcIvT8iY79wF90CZjBKWFEhsB2sxVPYx4YQUZ5way1cHrazU46xk6Ig', 'Content-Length': '141'}
I don't know if this is intended or not, but when handling a POST request, it passes through django/middleware/csrf.py:CsrfViewMiddleware.process_view(). When it reaches this function, the POST data in the body isn't available via request.POST.get('csrfmiddlewaretoken'), so that function just returns an empty string.
This is probably intended because in this case, the csrf token in the body is the wrong one -- it's the form csrf token, not the header csrf token -- and this function wants to validate it against the header one.
What I had to do to fix this was to add 'X-CSRFToken': header_csrftoken to the headers of the POST.
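Added example, not part of the original post: the cookie token and the form token printed above differ as strings, but in Django releases of that period both carry the same 32-character secret under different random masks. The sketch below re-implements that mask/unmask arithmetic and applies it to the two values from the output; the function names are hypothetical and the 32 + 32 character scheme is an assumption about the Django version in use.

```python
import hmac
import secrets
import string

# Alphabet and lengths as used by Django's CSRF middleware in releases of
# that period (assumption: 32-char secret, 64-char masked token).
CHARS = string.ascii_letters + string.digits
SECRET_LEN = 32

# Values copied from the question's output above.
COOKIE_TOKEN = "FG9ronCxQUcIvT8iY79wF90CZjBKWFEhsB2sxVPYx4YQUZ5way1cHrazU46xk6Ig"
FORM_TOKEN = "8a0D501NMPJXmcCJiwt7BiFhTyrzJhQLV5TEeyeetZv5LizXuXlNDAPeOjWm7IUK"

def mask(secret):
    """Return mask + cipher, using a fresh random mask on every call."""
    m = "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))
    cipher = "".join(
        CHARS[(CHARS.index(s) + CHARS.index(k)) % len(CHARS)]
        for s, k in zip(secret, m)
    )
    return m + cipher

def unmask(token):
    """Recover the secret from a 64-character masked token."""
    if len(token) != 2 * SECRET_LEN or any(c not in CHARS for c in token):
        raise ValueError("not a masked CSRF token")
    m, cipher = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(
        CHARS[(CHARS.index(c) - CHARS.index(k)) % len(CHARS)]
        for c, k in zip(cipher, m)
    )

def tokens_match(request_token, cookie_token):
    """Compare the underlying secrets, not the masked strings, in constant time."""
    return hmac.compare_digest(unmask(request_token), unmask(cookie_token))

if __name__ == "__main__":
    print("same string:", COOKIE_TOKEN == FORM_TOKEN)
    print("same secret:", tokens_match(FORM_TOKEN, COOKIE_TOKEN))
```

Django fills request.POST only for application/x-www-form-urlencoded or multipart/form-data bodies, so a POST sent with the content type x-www-form-urlencoded reaches the middleware with an empty request.POST and only the X-CSRFToken header is considered.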

Set more than one cookie in the 'Set-Cookie' header in a cloudflare worker header.set('Set-Cookie' function

I'm trying to use a Cloudflare worker to add 2 cookie key/value pairs to the response before sending it to the client.
Unfortunately all documentation for the Cloudflare workers says to use the response.headers.set('Set-Cookie',xxx) function to set the cookie value:
let response = await fetch(request);
response = new Response(response.body, response);
response.headers.set('Set-Cookie', "val1=x; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';");
return response;
This only allows you to set one cookie header, and if called twice just overwrites the existing header.
I have tried calling the function twice, only the last value comes in:
response.headers.set('Set-Cookie', "val1=1; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';");
response.headers.set('Set-Cookie', "val2=2; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';");
I have tried passing 2 cookies in the one header, separated with a comma, but only one comes in:
response.headers.set('Set-Cookie', "val1=1; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';, val2=2; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';");
I have tried passing 2 cookie key/value pairs, but the first key value is set to "1, val2=2":
response.headers.set('Set-Cookie', "val1=1, val2=2; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';");
None of these work.
The only work around I have found is to bundle the vars up into one variable, and then use JS on the client side to unpack and apply the variable:
response.headers.set('Set-Cookie', "jsVal={val1:1, val2:2}; Expires=Wed, 21 Oct 2020 07:28:00 GMT; Path='/';");
.. and then in a js file apply the 2 cookie values. Obviously this is not ideal.
Has anyone had any luck applying 2 separate cookies in one response header via a cloudflare worker? Thanks.
There is Headers.append(): https://developer.mozilla.org/en-US/docs/Web/API/Headers/append
The difference between set() and append() is that if the specified
header already exists and accepts multiple values, set() will
overwrite the existing value with the new one, whereas append() will
append the new value onto the end of the set of values.

java.net.ProtocolException: Bad Set-Cookie header

The block of code for your reference is given below:
String hostname = "Hostname Value";
URI uri = new URI(hostname + "/solr/add/story/" + story.getId() + ".html");
final HTTPConnection con = new HTTPConnection(uri);
con.setAllowUserInteraction(false);
final HTTPResponse response = con.Get(uri.getPathAndQuery());
Here, while accessing the response, I am getting the below exception:
[ WARN] [com.thestreet.cms.integration.solr.SolrService] 12/02/2013 22:52:54-Unable
update front end search engine index with story 10446446
java.net.ProtocolException: Bad Set-Cookie header: FV=OID-|PID-|MID-|PUC-|DATE-
529D5595; path=/; expires=Tue, 01-Jan-2035 00:00:00 GMT; domain=.thestreet.com;,
BRIS=C0.A8.41.91|529D55951FB74EF; path=/; expires=Tue, 01-Jan-2035 00:00:00 GMT;
domain=.thestreet.com;,
RGIS=-1386042773,192.168.65.145,BA42A8C0,1076F795713A21E010941898- 0-1386042773-;
path=/; expires=Tue, 01-Jan-2035 00:00:00 GMT; domain=.thestreet.com;,
JSESSIONID=8A8A377CF937F6184D3F4774CC6F4CBA; Version=1; Path="/"; HttpOnly
No '=' found for token starting at position 432
at HTTPClient.Cookie.parse(Cookie.java:243)
at HTTPClient.CookieModule.handleCookie(CookieModule.java:454)
at HTTPClient.CookieModule.responsePhase1Handler(CookieModule.java:403)
at HTTPClient.HTTPResponse.handleResponse(HTTPResponse.java:724)
at HTTPClient.HTTPResponse.getStatusCode(HTTPResponse.java:190)
at com.thestreet.cms.integration.solr.SolrService$1.run(SolrService.java:450)
at java.lang.Thread.run(Thread.java:722)
This seems to be caused by the HttpOnly bit in the cookie header, since it's not in the form of a key-value pair. Is there any way to avoid a cookie header or cookie check while reading the response? Please help.
Thanks in advance.
The problem is your http request/response contains "HttpOnly" in its header. It appears to be that this value is not supported by application servers anymore. In order to fix this I wrote a workaround where "HttpOnly" is removed from the response on a server side.
String header = resp.getHeader("Set-Cookie");
if (header != null && header.endsWith("HttpOnly")) {
    resp.setHeader("Set-Cookie", header.substring(0, header.length() - 8));
}
But the best solution is to remove "HttpOnly" from the header on the http client side.

Facebook graph API : can post on "me/feed" but not on "page_id/feed" (error : 1455002)

I guess the answer to this one is straightforward but I cannot find it. Any help would be very much appreciated.
I. Use case
The application (back-end in python / django) should write on a facebook page.
II. Symptoms
When running the code below on "me/feed", the post is correctly inserted
When running the code below on "PAGE_ID/feed", there is an exception (see below in section IV.)
The scope of the authorisation is publish_stream, manage_pages
Also, the user_token is from a user in the test domain
III. Code
## Getting the user_access_token is dealt with before
h = Http()
data = dict(message="Hello", access_token=user_access_token['access_token'])
resp, content = h.request("https://graph.facebook.com/PAGE_ID/feed", "POST", urlencode(data))
IV. Exception generated (using /PAGE_ID/feed)
resp : Response: {'status': '400', 'content-length': '119', 'expires': 'Sat, 01 Jan 2000 00:00:00 GMT', 'www-authenticate':
'OAuth "Facebook Platform" "invalid_request" "(#1) An unknown error occurred"', 'x-fb-rev': '976458',
'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'no-store', 'date': 'Tue, 22 Oct 2013 21:45:20
GMT', 'access-control-allow-origin': '*', 'content-type': 'text/javascript; charset=UTF-8', 'x-fb-debug':
'HFItWh64ob+3hErv+rgYdFzHlRBVHP7Pg0Eg4hvqYlY='}
content str: {"error":{"message":"(#1) An unknown error occurred","type":"OAuthException","code":1,"error_data":
{"kError":1455002}}}

In Varnish, how can I read the Set-Cookie response header?

I am trying to detect if my application has set a cookie that holds an "alert message" for the user on the next page, where the Javascript displays it if detected.
In my vcl_fetch(), I need to detect if the specific cookie value "alert_message" appears anywhere in the Set-Cookie header (presumably in the VCL variable beresp.http.Set-Cookie). If detected, then I do not want to cache that next page (since Varnish strips the Set-Cookie header by default, which would obliterate the alert message before it makes it back to the browser).
So here is my simple test:
if(beresp.http.Set-Cookie ~ "alert_message") {
    set req.http.no_cache = 1;
}
Strangely, it fails to evaluate to true.
So I throw the variable into the Server header to see what it looks like:
set beresp.http.Server = " MyApp Varnish implementation - test reading set-cookie: "+beresp.http.Set-Cookie;
But for some reason this only displays the FIRST Set-Cookie line in the response headers.
Here are the relevant response headers:
Server: MyApp Varnish implementation - test reading cookie: elstats_session=7d7279kjmsnkel31lre3s0vu24; expires=Wed, 10-Oct-2012 00:03:32 GMT; path=/; HttpOnly
Set-Cookie:app_session=7d7279kjmsnkel31lre3s0vu24; expires=Wed, 10-Oct-2012 00:03:32 GMT; path=/; HttpOnly
Set-Cookie:alert_message=Too+many+results.; expires=Tue, 09-Oct-2012 20:13:32 GMT; path=/; domain=.my.app.com
Set-Cookie:alert_key=flash_error; expires=Tue, 09-Oct-2012 20:13:32 GMT; path=/; domain=.my.app.com
Vary:Accept-Encoding
How do I read and run string detection on ALL Set-Cookie header lines?
You can resolve it with the header.get function from vmod header (Varnish version >= 3).
For example, I have a simple PHP script with more than one Set-Cookie in it:
<?php
setcookie ("Foo", "test", time() + 3600);
setcookie ("Bar", "test", time() + 3600);
setcookie ("TestCookie", "test", time() + 3600);
?>
By default, only the first Set-Cookie header will be parsed with 'if(beresp.http.Set-Cookie ~ "somedata"'.
Of course, we can use the std.collect procedure from vmod std (which already comes with Varnish 3 and does not require compilation) to collapse all our Set-Cookie headers into one, but it will break cookies - Bar and TestCookie will not be set.
header.get avoids this defect: it will check all headers for a regex match:
if (header.get(beresp.http.set-cookie,"TestCookie=") ~ "TestCookie")
{
    set beresp.http.cookie-test = 1;
    return(hit_for_pass);
}
So, with it I got in response headers on first and next requests:
cookie-test:1
Set-Cookie:Foo=test; expires=Tue, 09-Oct-2012 22:33:37 GMT
Set-Cookie:Bar=test; expires=Tue, 09-Oct-2012 22:33:37 GMT
Set-Cookie:TestCookie=test; expires=Tue, 09-Oct-2012 22:33:37 GMT
X-Cache:MISS
If I comment out setcookie for cookie TestCookie, then I will get HITs on next requests.
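Added example, not code from any of the posts above: it shows why collapsing several Set-Cookie lines into one comma-joined value (the std.collect remark in this answer, and the folded header in the java.net.ProtocolException log earlier on the page) is fragile, and how to test every line for one cookie name instead. The helper names are hypothetical, and the boundary rule is a heuristic that assumes no cookie value contains ", name=".

```python
import re

# Set-Cookie values copied from the Varnish question above.
SET_COOKIE_LINES = [
    "app_session=7d7279kjmsnkel31lre3s0vu24; expires=Wed, 10-Oct-2012 00:03:32 GMT; path=/; HttpOnly",
    "alert_message=Too+many+results.; expires=Tue, 09-Oct-2012 20:13:32 GMT; path=/; domain=.my.app.com",
    "alert_key=flash_error; expires=Tue, 09-Oct-2012 20:13:32 GMT; path=/; domain=.my.app.com",
]

# A comma starts a new cookie only when a "name=" pair follows it; the comma
# inside "expires=Wed, 10-Oct-2012" is followed by a date, not by "name=".
_COOKIE_BOUNDARY = re.compile(r",\s*(?=[!#$%&'*+.^_`|~0-9A-Za-z-]+=)")

def fold(lines):
    """Join repeated header lines into one comma-separated value."""
    return ", ".join(lines)

def split_folded(value):
    """Heuristically recover the individual cookies from a folded value."""
    return [part.strip() for part in _COOKIE_BOUNDARY.split(value) if part.strip()]

def parse_set_cookie(line):
    """Parse one Set-Cookie value; flag attributes (HttpOnly, Secure) map to True."""
    pair, *attrs = [p.strip() for p in line.split(";") if p.strip()]
    name, _, value = pair.partition("=")
    parsed = {}
    for attr in attrs:
        key, sep, val = attr.partition("=")
        parsed[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, parsed

def sets_cookie(lines, wanted):
    """True if any Set-Cookie line sets the cookie named `wanted`."""
    return any(parse_set_cookie(line)[0] == wanted for line in lines)

if __name__ == "__main__":
    folded = fold(SET_COOKIE_LINES)
    print("naive comma split:", len(folded.split(",")), "pieces")
    print("boundary split:   ", len(split_folded(folded)), "cookies")
    print("alert_message set:", sets_cookie(SET_COOKIE_LINES, "alert_message"))
```

A parser that accepts valueless attributes reads the HttpOnly flag as-is, so the flag can stay on the cookie rather than being stripped to suit the client.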