How to force Authorize.net Directpost reply_url to be HTTPS?

1k views Asked by At

I'm trying to enable the Authorize.net DPM (Direct Post Method) on a Magento 1.11.1 production site. My test site (also Magento 1.11.1.0) works fine because the site is not secure (frontend SSL), but the live site gets an error. Turns out the reply_url sent to Authorize.net (x_reply_url) is being sent as non-ssl (e.g. http://mysite.com/authorizenet/directpost_payment/response as a POST). However, this gets a 500 error because Magento is set to require SSL on the frontend. If I send a test post using (https://mysite.com/authorizenet/directpost_payment/response as a POST) it gets a 200 response. I'm looking at this by having turned on Debug in the DPM payment method and then viewing the file var/log/payment_authorizenet_directpost.log.

So I'm looking through all the code in app/code/core/Mage/Authorizenet and have yet to pull out a section of code where it might be getting this non-ssl URL. And of course then answer the question of "Why isn't it pulling a secure URL instead?".

It looks like it originates possibly in the placeAction method of controllers/Directpost/PaymentController.php.

I was hoping I might get some informed insight here as to whether I'm on the right track and how best to log or var_dump the appropriate variables (on my test site) to verify any changes.

1

There are 1 answers

2
pcproffitt On

Resolved. This appears to be a bug in the code for the authorize.net directpost method.

Modified file: app/code/core/Mage/Authorizenet/Model/Directpost.php

Method: getRelayUrl

Old code:

return Mage::app()->getStore($storeId)->getBaseUrl(Mage_Core_Model_Store::URL_TYPE_LINK) . 'authorizenet/directpost_payment/response';

New code:

if(Mage::app()->getStore($storeId)->isCurrentlySecure()) {
  return rtrim(Mage::getUrl('authorizenet/directpost', array('_secure' => true)),"/") .     '_payment/response';
} else {
  return Mage::app()->getStore($storeId)->getBaseUrl(Mage_Core_Model_Store::URL_TYPE_LINK) . 'authorizenet/directpost_payment/response';
}

This was in Magento Pro 1.11.1.0 (same code as Magento EE 1.11.1.0). I have not yet received access to any newer versions of Magento EE in order to see if this has been resolved in 1.12 or higher.