贝宝(PayPal)按钮返回网址的用法 [英] PayPal button return url usage

问题描述

我的网站上有一个PayPal html按钮，该按钮应随数据返回我的网站.我的理解是，有一个返回网址(带有return方法)和一个可以做到这一点的通知网址. notify url需要一个IPN侦听器，它似乎在进行验证检查，这很好.我没有看到针对返回网址的任何此类验证检查，但是在大多数情况下，我似乎想根据验证检查的结果来更新返回网址(例如，付款是否成功).而且，我需要知道PayPal实际上请求了返回URL来更新数据库，否则，这似乎为通过返回URL进行csrf攻击打开了大门.

I've got a PayPal html button on my site which should return back to my website with data. My understanding is that there's a return url (with a return method) and a notify url which can do this. The notify url requires an IPN listener which seems like it does a verification check, which is good. I'm not seeing any such verification check for the return url, but it seems like I would want to update the return url based on the result from a verification check in most cases (eg whether the payment was successful). Moreover, I need to know PayPal actually requested the return url to update the db, otherwise this seems to open the door to csrf attacks via return url.

我是PayPal按钮的新手，但是我还没有看到有关一起使用通知URL和返回URL的任何信息.那么，为了通过返回URL解决这些问题，我应该怎么做?

I'm new to PayPal buttons, but I've not seen anything about using notify url and return url together. So what should I being doing in order to resolve these concerns with the return url?

推荐答案

为减轻混乱:

1. return_url仅命名完成Paypal处理后要返回的Web应用页面.还有一个cancel_url，如果您想要一个用于用户取消的单独页面，则可以使用.返回return_url 并不意味着您有钱.这确实意味着客户已经完成了Paypal交易，但是可能会出现资金延迟，并且最终可能会导致付款失败，因此请不要算数您的鸡.

1. The return_url just names the page of your webapp you want to return to when the Paypal process is completed. There is also a cancel_url which can be used if you want a separate page for user cancels. Returning to the return_url does not mean that you have the money. It does mean the customer has completed the Paypal transaction, but there could be funding delays and there could be an eventual payment failure, so don't count your chickens yet.

notify_url是Web应用程序中POST处理程序的URL.不是页面. POST处理程序应执行您提到的验证步骤，然后应检查txn_type和其他变量以查看所通知的内容.可能是付款，订阅，终止，付款失败，冲销，取消冲销...这些事务类型中只有某些意味着您实际上已经从客户那里收到了钱.

The notify_url is the URL of a POST handler in your webapp. Not a page. The POST handler should perform the verification step you mentioned, then it should examine the txn_type and other variables to see what is being notified. It could be a payment, subscription, termination, payment failure, reversal, cancelled reversal ... Only some of these transaction types mean that you have actually received money from the customer.

我需要知道PayPal实际上要求返回网址来更新数据库

I need to know PayPal actually requested the return url to update the db

一点也没有.在此不执行任何业务操作.

Not in the slightest. Take no business actions here.

• 在return_url页面上，您应该感谢他们的业务，并告诉他们他们所请求的操作/购买/订阅等.一旦完成Paypal付款流程，他们将最终确定他们的请求.

• On the return_url page you should thank them for their business and tell them the action/purchase/subscription etc. that they requested will be finalized once the Paypal payment process is complete.

notify_url处理程序应处理与接收付款，获得冲销，取消订阅等相关的所有业务操作.return_url和cancel_url页不应执行任何这些操作.没有钱=>还没有采取行动.

The notify_url handler should handle all the business actions associated with receiving a payment, getting a reversal, subscription cancellation, etc. The return_url and cancel_url pages should not do any of that. No money => no action yet.

这篇关于贝宝(PayPal)按钮返回网址的用法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！