Join the Community

By Joining, you can submit your own questions and reply to other member threads.

Join Today

Paypal: Action required before 7 October 2013


I have recieved an email from paypal regarding my JEM installation:
In a bulletin dated the 18th of October, 2011, we announced that we were going to expand the number of IP addresses for www.paypal.com to improve our siteâs performance, scalability and availability. As part of this transition, we planned to discontinue support for HTTP 1.0 protocol starting the 7th of October, 2013.
We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com and ipnpb.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the âHost: www.paypal.comâ or âHost: ipnpb.paypal.comâ header in the HTTP request.
Additional Details
Starting the 7th of October, 2013, we will require all incoming requests to have a âHostâ header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with âHTTP/1.0 400 Bad Requestâ errors after the 7th of October, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.
Action Required before the 7th of October, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the âHostâ and âConnection: closeâ HTTP header in the IPN postback script.
Example with Host as www.paypal.com (please make necessary changes if you are using ipnpb.paypal.com):
//Set values for the request back
$req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');
$req->header(Host=> 'www.paypal.com');
$req->header(Connection=> 'close');
// post back to PayPal system to validate
$header="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: www.paypal.com\r\n";
$header .="Connection: close\r\n\r\n";
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection();
uc.setRequestProperty("Host", "www.paypal.com");
uc.setRequestProperty("Connection", "Close");
The PayPal Sandbox has been configured to reject any HTTP requests without the âHostâ header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.
For more information on PDT and IPN, please refer to http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via https://www.paypal.com/mts.
Can you please advise on where to find this code IF I need to make necessary changes
Many thanks

georgehcp610 Posted a reply 4 years ago

You can find a previous discussion with the correct code and what file to change at


the10001 Posted a reply 4 years ago

Many thanks!


Scanned and Verified

Security Seal
Certified by Trust Guard
Privacy Verified Seal
Business Seal