I'm working on a Zen Cart implementation that uses Google Checkout as the exclusive method of processing transactions. Everything is working fine except for responsehandler.php, the file used by the Google Checkout module for Zen Cart to handle Notification API requests and the like.
I have searched the interwebs long and hard before posting here. In fact, a Google query for "responsehandler 403" leads you to my other post over at the Zen Cart forums, which I have given up on. Sadness.
Here is some basic information about the setup I'm using:
Domain:
cafeamoria.com
ZenCart Version:
1.3.8
GoogleCheckout Version:
1.4.7
I am currently using Google Checkout in Sandbox mode for testing purposes (ie: until I get this issue resolved) and orders are correctly sent to the Google Checkout backend etc. so I know everything is working fine there.
My problem: The Google Checkout Integration Console (which supplies feedback about the results of Notification API usage) indicates that responsehandler.php on my server is returning a 403. So obviously the XML isn't getting handled, my orders don't show up in the Zen Cart backend, and a few other features of my cart aren't working, all because of this.
Just to get this out of the way, the permissions on the file are set to 644. Pretty standard for any script.
At this point, I have tried to debug the problem with cURL. I got some interesting results, but I don't really know what they mean. Thats where you guys come in.
First a little background about what I'm doing so you can better understand my tests:
- When Google queries responsehandler.php, it uses Basic Authentication using your Merchant ID as the user and your Merchant Key as the password. It then sends the following header information:
Content-Type: application/xml;charset=UTF-8
Accept: application/xml;charset=UTF-8
Finally, it sends a huge chunk of XML in the form of an HTTP POST request.
Test 1: Complete Emulation of a Google Request
cURL:
Code:
curl -H "Content-Type: application/xml;charset=UTF-8" -H "Accept: application/xml;charset=UTF-8" --data-urlencode @data.xml --user MerchantID:MerchantKey http://cafeamoria.com/googlecheckout/responsehandler.php
Where data.xml is a typical request sent by Google.
Response:
Test 2: Authenticate, Send Headers, But Do Not Send XML
cURL:
Code:
curl -H "Content-Type: application/xml;charset=UTF-8" -H "Accept: application/xml;charset=UTF-8" --user MerchantID:MerchantKey http://cafeamoria.com/googlecheckout/responsehandler.php
Response:
Code:
Invalid or not supported Message
Let it be noted that this response is a string that responsehandler.php spits out when the XML you send does not match the expected format from Google. Expected result since there was no XML.
Test 3: Authenticate, But Do Not Send Headers or XML
cURL:
Code:
curl --user MerchantID:MerchantKey http://cafeamoria.com/googlecheckout/responsehandler.php
Response:
Code:
Invalid or not supported Message
No XML sent, same response.
Conclusions:
It seems I can authenticate just fine, and even send headers. This means there is nothing wrong with responsehandler.php accepting my Merchant ID and Key.
Only when I actually send the block of XML does it throw a 403. This is the part I do not understand. Please halp. Kthxbai.