|
DrPaulS
|
April 19, 2018 at 8:17 pm
I have a WordPress site that is fully updated, running the most recent version of EE4. I installed an SSL but it wasn’t properly configured before (pages not showing up as https) but sandbox transactions worked. Now that the SSL is installed and all the pages are https, I’m getting the “security header not valid” error. The site shows up as being secure on “whynopadlock.com” but shows up as having a mix of secure and unsecure material on Chrome when I go to the page with the EE registration form on it. I’ve made sure to scour the coding for any residual references to “http” instead of “https” but I still get the error “security header not valid” when I try and do a sandbox transaction (real-life transactions get this error also). I’ve double checked my PayPal API information and even tried removing it and getting new credentials to plug in with no luck. I’m in a little bit of a bind because I have an event whose registration started on Monday and no one is able to register for it! Thanks for the help.
|
|
DrPaulS
|
April 19, 2018 at 8:32 pm
Side note: I tried the Event Espresso “test” credit card number and I also tried my PayPal Sandbox Developer “test” credit card number, both with same result. I’ve seen the source code on my registration page and there are some references to “http” in there… could that be what’s causing the security issue? Is there a workaround here? Can I embed the form on a secure page? Not sure if that would help, since the seemingly non-secure code is IN the form, but it would be worth a shot at this point? Thanks again!
|
|
Tony
|
April 20, 2018 at 4:12 am
Hi there,
I’ve seen the source code on my registration page and there are some references to “http” in there… could that be what’s causing the security issue?
Usually not but I just checked your site on the payment step and only see one reference to HTTP which is in an error message.
Can you re-enable PayPal Pro so I can take a look?
Is there a workaround here?
We don’t know what the problem is yet so can’t really answer that.
99% of the time, a security header is no valid error is from invalid credentials, you mentioned you’ve checked those, have you’ve checked for spaces before/after all of the credentials?
To use PayPal Pro you need a pro account with PayPal, do you have one? (There’s a monthly fee from PayPal for that account, if your account does not currently incur a monthly fee you don’t have the correct account type with PayPal to use Pro)
Whilst you are free to use whichever payment method you prefer, PayPal Pro (along with any ‘on-site’ payment method) increases your PCI compliance scope by a huge amount so I’m just checking you are also aware of that?
Can I embed the form on a secure page? Not sure if that would help, since the seemingly non-secure code is IN the form, but it would be worth a shot at this point?
No, and there should be no need to, there’s no reason why the ‘normal’ page your using now shouldn’t work.
|
|
DrPaulS
|
April 20, 2018 at 6:17 am
Thank you so much for responding so quickly. Each day that this goes on, I’m potentially losing clients. I really appreciate your help. To answer your questions, I’ve re-enabled PayPal Pro, which I do have and which I do pay for monthly. I have checked my API credentials for extra spaces and even de-activated the plugin, cleared out the credentials, re-inputted them and even gotten new ones. I’ve also installed the plugin “Real Simple SSL” to make sure my SSL is installed/initiated correctly. I’ve tried contacted my host, who was the one who suggested I walk through the “whynopadlock.com” site, which I did (and corrected all the problems). I’m sure it’s something small that I’m/we’re overlooking and I really appreciate the help!
|
|
DrPaulS
|
April 20, 2018 at 9:31 am
Good morning! Any update? With my site on PayPal Pro instead of PayPal Express (which works, because the payment takes place off-site) I’m losing revenue. Did you happen to see anything wrong with it? Would I be able to switch back to PayPal Express temporarily just to let my clients register?
|
|
Josh
|
April 20, 2018 at 9:35 am
Yes you can use PayPal Express with the same PayPal account, but the API credentials are different than the ones for PayPal Pro.
You can get your PayPal Express API credentials by following this guide:
https://eventespresso.com/wiki/paypal-express-payment-gateway/#locate
One thing to check with PayPal about your account and using PayPal Pro is they do require the submission of a billing agreement before you can start taking payments with PayPal Pro.
|
|
DrPaulS
|
April 20, 2018 at 5:26 pm
Good afternoon! Any resolution? I have applied PayPal Express but I don’t like using that because the customer experience isn’t quite as professional (transferring them to another site to complete the payment) and they charge me different fees than Pro. I still have PayPal Pro active to allow for further debugging but I was hoping your team might have found something? Thanks for your time!
|
|
Tony
|
April 21, 2018 at 2:18 am
Ok, there are no HTTP references on the page so that’s not an issue (the only ‘http’ references are within error message text which isn’t a problem).
I’ve run a test on you site using PayPal Pro and dummy card details, however, I’m not a ‘a security header is not valid’ error, it’s asking for card details to be entered, which would mean EE is connecting to PayPal correctly.
Are you still getting the same error when you test?
|
