Sagepay Direct 3D Secure Blank Page Issue

Question

I'm trying to implement Omnipay with Sagepay Direct but am really struggling with the 3D Secure bit.

When I post the MD, PaReq and TermUrl to https://test.sagepay.com/mpitools/accesscontroler?action=pareq I just get a blank screen.

These previous SO answers suggest removing spaces from the PaReq field solves the issue, but I don't have any spaces in my data.

SagePay Direct 3DSecure checkout part returning blank page when redirecting out to bank

Sage Pay test server won't load 3D Secure page

The data returned from the Omnipay method $response->getRedirectData() is

"PaReq" => "eJxVUk1TwjAQvfsrGO52mza0lVnCoBxERqcqOuMxpqt0pB8mrRZ/vQkUweTy3svO2+xLcNoVm8EXaZNX5WTIPH84FWe4Wmui+SOpVpPAWzJGvtMgzybDwGcjn7OLmEc8CXnAgmQ0FJjOHuhTYG8krI/HEA7UOmi1lmUjUKrPy8Wd4DwKoxFCT7EgvZiLgPn7HfpuIexlLGVBYqZkRsV2RaZ5pjKrNMJOR1W1ZaO3IgkihAPBVm/EumlqMwaQdW08U1bfmur2dZMrT1Ve+wGGNm/nhvQXIbh6hONF09YhY/27PBNyef308zKLuuXdA0u71DC5DrItj2/uJwiuAjPZkLDxxH4SsgGLx2E85hxhp6Ms3MUEc1P1GGvXYnZycCqgzV5TqQ5zHRhSV1cl2YoA4Q9jRkaJR/dKqdwObtOFbewkhOMgV9cuf9XYSJmLfoecX24DYwnbGzqC4Gqhf1XoP4BF/z7GLxIJvBw="

"MD" => "20150419746483421285"

This is the HTML for the form I'm using

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

  <body>
    <form action="https://test.sagepay.com/mpitools/accesscontroler?action=pareq" method="post">
        <input name="MD" value="20150419746483421285" type="hidden">
        <input name="PaReq" value="eJxVUk1TwjAQvfsrGO52mza0lVnCoBxERqcqOuMxpqt0pB8mrRZ/vQkUweTy3svO2+xLcNoVm8EXaZNX5WTIPH84FWe4Wmui+SOpVpPAWzJGvtMgzybDwGcjn7OLmEc8CXnAgmQ0FJjOHuhTYG8krI/HEA7UOmi1lmUjUKrPy8Wd4DwKoxFCT7EgvZiLgPn7HfpuIexlLGVBYqZkRsV2RaZ5pjKrNMJOR1W1ZaO3IgkihAPBVm/EumlqMwaQdW08U1bfmur2dZMrT1Ve+wGGNm/nhvQXIbh6hONF09YhY/27PBNyef308zKLuuXdA0u71DC5DrItj2/uJwiuAjPZkLDxxH4SsgGLx2E85hxhp6Ms3MUEc1P1GGvXYnZycCqgzV5TqQ5zHRhSV1cl2YoA4Q9jRkaJR/dKqdwObtOFbewkhOMgV9cuf9XYSJmLfoecX24DYwnbGzqC4Gqhf1XoP4BF/z7GLxIJvBw=" type="hidden">
        <input name="TermUrl" value="https://www.example.com/payment/auth-return" type="hidden">
        <center><p>Please click button below to Authenticate your card</p><input value="Go" type="submit"></center>
    </form>
  </body>
</html>

Do you know why I'm getting a blank page? Do I need to transform the data in some way before sending it to Sagepay?

I've tried everything I can think of but am getting nowhere.

Answer 1

ok, so it's magically working now....may have been a problem at Sagepay's end?

In case it's useful for someone else, here's my iFrame code...

<iframe src="secure-3d.php?acsURL=<?=$responseUrl?>&PaReq=<?=$responseData['PaReq']?>&MD=<?=$responseData['MD']?>&TermUrl=<?=$responseData['TermUrl']?>" name="secure-3d" id="secure-3d" width="100%" height="500" frameborder="0"></iframe>

...where 'secure-3d.php' is my self-submitting form as below....

<form id="cardToken" name="cardToken" action="<?=$_GET['acsURL']?>" method="post">
  <input type="hidden" name="MD" value='<?=str_replace(' ','+',$_GET['MD'])?>' />
  <input type="hidden" name="PaReq" value='<?=str_replace(' ','+',$_GET['PaReq'])?>' />
  <input type="hidden" name="TermUrl" value='<?=str_replace(' ','+',$_GET['TermUrl'])?>' />
  <noscript>
    <center><p>Please click button below to Authenticate your card</p><input type="submit" value="Go"/></p></center>
  </noscript>
</form>
<script language="Javascript">
        var form = document.getElementById("cardToken");
        form.submit();
</script>

I just pass the PaReq, MD and TermUrl data through to the form in the querystring, then you need to str_replace spaces to pluses when creating the hidden fields.

That should do it!

If anyone has any ideas on how to make this better, please comment