Changes to PayPal IPN
Just in case you are not aware, my clients are starting to get a notice from PayPal as follows:
We have recently identified that this change may impact the ability of some of our merchants to perform IPN (Instant Payment Notification) post-back validation or PDT (Payment Data Transfer) posts to www.paypal.com. This happens when the IPN or PDT scripts use HTTP 1.0 protocol and do not include the “Host: www.paypal.com” header in the HTTP request.
Starting February 1, 2013, we will require all incoming requests to have a “Host” header which complies with HTTP 1.1 Specifications. This header was not required under HTTP 1.0. IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors after February 1, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.
Action Required before February 1, 2013
Merchants need to update their IPN and/or PDT scripts to use HTTP 1.1, and include the “Host” header in the IPN postback script.
//Set values for the request back
// post back to PayPal system to validate
$header .="POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .="Content-Type: application/x-www-form-urlencoded\r\n";
$header .="Host: 'www.paypal.com\r\n';;
HttpsURLConnection uc=(HttpsURLConnection) u.openConnection(); uc.setDoOutput(true);
The PayPal Sandbox has been configured to reject any HTTP requests without the “Host” header with HTTP 400 error. Merchants can use the Sandbox environment to certify the changes to their IPN and PDT scripts.
For more information on PDT and IPN, please refer to pdt and ipn. For additional information or questions about this change, please contact PayPal's Merchant Technical Support team via mts.
This will affect function WA_isValidPayPal which amongst other things I use in my custom IPN file.
I am sure that this will be on your radar to update but it never hurts to be sure