sdk-java icon indicating copy to clipboard operation
sdk-java copied to clipboard

Published 20 hours ago verified publisher icon AuthorizeNet

Ampersands in URLs break the Accept Hosted Payment Form

Open BlackPenguins opened this issue 4 years ago • 2 comments

We are using ampersands in our cancel URL and submit URL and the payment form is failing to load! We need to build a URL with multiple GET parameters to have proper security with the cancel and submission of orders on our website. Which means we need use ampersands to divide up our parameters. The problem is if we pass an ampersand at all to the hostedPaymentReturnOptions the entire payment form fails to load. There are no errors in the logs. It just only draws the words "Order Summary" and nothing else. If we remove the ampersands everything works correctly.

We are using the AcceptHosted API solution.

SettingType returnSettings = new SettingType();
returnSettings.setSettingName("hostedPaymentReturnOptions");

JSONObject returnSettingsJSON = new JSONObject();

returnSettingsJSON.put("url", "http://1.1.1.1/submitPayment?orderID=2540&orderAmount=13.99&submitPaymentID=4a11f608-4196-4365-929e-
9e01c5fa975d");
returnSettingsJSON.put("urlText", "Complete Order" );
returnSettingsJSON.put("cancelUrl", "http://1.1.1.1/clearPayment?orderID=2540&cancelPaymentID=459b4c8b-e257-4d02-84e3-5
f0965b16b81" );
returnSettingsJSON.put("cancelUrlText", "Cancel Order" );

returnSettings.setSettingValue( returnSettingsJSON.toString() );

Screenshot_20210219_122223

BlackPenguins avatar Feb 19 '21 17:02 BlackPenguins

Alright I was told I need to replace the "&' characters with '%26'. I've seen URL encoding where the entire URL is encoded or the parameters in the URL are encoded but never one where ONE CHARACTER in the url is encoded. This is not intuitive at all. An API should be easy for the user to use. If you want this odd encoding it should be done on your end after we set it. That or have us use the widely used URLEncoder.encode() method and encode the entire URL then on your end decode the URL before you check it against your regex validation to make sure it starts with http://. This is all way harder than it needs to be and very error prone.

BlackPenguins avatar Feb 22 '21 22:02 BlackPenguins

The issue does not persist as this is been already fixed in the Master branch as a part of upgradation.

Tested in the multiple the versions and environments, working fine as expected.

sdalwe avatar Sep 30 '24 14:09 sdalwe