Support » Plugin: WooCommerce » “security header not valid” (paypal standard)

  • Resolved horiamar

    (@horiamar)


    Hello there!
    we use “paypal standard” payment gateway with woocommerce.
    when trying to refund (click on button “refund x$ via paypal standard”) we receive the message: “javascript: security header is not valid”.
    I checked the settings in paypal standard (api, IPN) and they are all ok. The payments work (when a customer pays a sum to the woocommerce webshop) but the refunds do not work.

    What could I do?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter horiamar

    (@horiamar)

    this is my log:

    2021-04-08T11:39:57+00:00 INFO Received valid response from PayPal IPN
    2021-04-08T11:39:57+00:00 INFO Found order #1322
    2021-04-08T11:39:57+00:00 INFO Payment status: completed
    2021-04-08T11:49:47+00:00 INFO Refund Response: Array
    (
    [headers] => Requests_Utility_CaseInsensitiveDictionary Object
    (
    [data:protected] => Array
    (
    [content-type] => text/plain; charset=utf-8
    [content-length] => 234
    [date] => Thu, 08 Apr 2021 11:49:47 GMT
    [cache-control] => max-age=0, no-cache, no-store, must-revalidate
    [caller_acct_num] => (edited)
    [paypal-debug-id] => 1dcad1b492901
    [x-paypal-api-rc] => 10002
    [x-paypal-operation-name] => RefundTransaction
    [x-slr-retry-api] => RefundTransaction
    [http_x_pp_az_locator] => ccg13.slc
    [strict-transport-security] => max-age=31536000; includeSubDomains
    )
    
    )
    
    [body] => TIMESTAMP=2021%2d04%2d08T11%3a49%3a47Z&CORRELATIONID=1dcad1b492901&ACK=Failure&VERSION=84%2e0&BUILD=55475691&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error
    [response] => Array
    (
    [code] => 200
    [message] => OK
    )
    
    [cookies] => Array
    (
    )
    
    [filename] =>
    [http_response] => WP_HTTP_Requests_Response Object
    (
    [response:protected] => Requests_Response Object
    (
    [body] => TIMESTAMP=2021%2d04%2d08T11%3a49%3a47Z&CORRELATIONID=1dcad1b492901&ACK=Failure&VERSION=[Removed. Phone #s not permitted]AGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error
    [raw] => HTTP/1.1 200 OK
    Content-Type: text/plain; charset=utf-8
    Content-Length: 234
    Connection: close
    Date: Thu, 08 Apr 2021 11:49:47 GMT
    Cache-Control: max-age=0, no-cache, no-store, must-revalidate
    Caller_acct_num: (edited)
    Paypal-Debug-Id: 1dcad1b492901
    X-Paypal-Api-Rc: 10002
    X-Paypal-Operation-Name: RefundTransaction
    X-Slr-Retry-Api: RefundTransaction
    HTTP_X_PP_AZ_LOCATOR: ccg13.slc
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    
    TIMESTAMP=2021%2d04%2d08T11%3a49%3a47Z&CORRELATIONID=1dcad1b492901&ACK=Failure&VERSION=[Removed. Phone #s not permitted]AGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error
    [headers] => Requests_Response_Headers Object
    (
    [data:protected] => Array
    (
    [content-type] => Array
    (
    [0] => text/plain; charset=utf-8
    )
    
    [content-length] => Array
    (
    [0] => 234
    )
    
    [date] => Array
    (
    [0] => Thu, 08 Apr 2021 11:49:47 GMT
    )
    
    [cache-control] => Array
    (
    [0] => max-age=0, no-cache, no-store, must-revalidate
    )
    
    [caller_acct_num] => Array
    (
    [0] => (edited)
    )
    
    [paypal-debug-id] => Array
    (
    [0] => 1dcad1b492901
    )
    
    [x-paypal-api-rc] => Array
    (
    [0] => 10002
    )
    
    [x-paypal-operation-name] => Array
    (
    [0] => RefundTransaction
    )
    
    [x-slr-retry-api] => Array
    (
    [0] => RefundTransaction
    )
    
    [http_x_pp_az_locator] => Array
    (
    [0] => ccg13.slc
    )
    
    [strict-transport-security] => Array
    (
    [0] => max-age=31536000; includeSubDomains
    )
    
    )
    
    )
    
    [status_code] => 200
    [protocol_version] => 1.1
    [success] => 1
    [redirects] => 0
    [url] => https://api-3t.paypal.com/nvp
    [history] => Array
    (
    )
    
    [cookies] => Requests_Cookie_Jar Object
    (
    [cookies:protected] => Array
    (
    )
    
    )
    
    )
    
    [filename:protected] =>
    [data] =>
    [headers] =>
    [status] =>
    )
    
    )
    
    2021-04-08T11:49:47+00:00 INFO Refund Result: stdClass Object
    (
    [TIMESTAMP] => 2021-04-08T11:49:47Z
    [CORRELATIONID] => 1dcad1b492901
    [ACK] => Failure
    [VERSION] => 84.0
    [BUILD] => 55475691
    [L_ERRORCODE0] => 10002
    [L_SHORTMESSAGE0] => Security error
    [L_LONGMESSAGE0] => Security header is not valid
    [L_SEVERITYCODE0] => Error
    )
    • This reply was modified 6 months, 2 weeks ago by .
    Thread Starter horiamar

    (@horiamar)

    As presumed by the Automattic support, it was indeed a simple problem of wrong credentials. The API password was copied wrongly by the shop owner.

    So, for others too: in case you can ACCEPT payments, but CANNOT refund them, it is a wrong API password probably. So: wrong credentials can still allow payments to be processed correctly, but won’t allow refunds alone to be done.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘“security header not valid” (paypal standard)’ is closed to new replies.