include_url

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

include_url

Anibal Escobar
Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that uses
authorize.net for credit card processing.  This is done by sending them:

local('response_array' = include_url(#post_url,
-postparams=#post_values)->split('|'))

and reading the response.  The issue is that authorize.net has flagged
this site as using a GET request, which it will be phasing out on June
30.  Does anyone know if the include_url as done above results in a GET
or POST request?  I looked at the headers generated by include_url using
client_headers and all I get is:

ACCEPT: */*
HOST: mydowmain.com

How can I view or specify the Request Method?

Anibal Escobar
styleexpo
601 W. 26th St., Ste. M254
New York, NY 10001

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

stevepiercy
include_url a local machine or one you maintain.

[
// include_url.lasso
local(r) = include_url('http://9test/included_url.lasso', -postparams=(array('moose'='hair')))
#r
]

[
// included_url.lasso
web_request -> requestmethod
]

=> POST

Else you will need something to inspect network traffic to see
what is actually getting passed over the wire and how.  
WireShark is one such tool.

I'd be very surprised if a particular version of Lasso 9.2.x
using include_url with -postparams did not send a POST request.
http://lassoguide.com/operations/network-requests.html#include_url

Do you have a citation at authorize.net regarding phasing out of
GET requests?  I don't recall seeing such a critter.

Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams, so
they're not affected.
https://github.com/stevepiercy/AuthorizeNet_AIM
https://github.com/stevepiercy/AuthorizeNet_AIM_9

--steve


On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar) pronounced:

>Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that
>uses authorize.net for credit card processing.  This is done by
>sending them:
>
>local('response_array' = include_url(#post_url, -postparams=#post_values)->split('|'))
>
>and reading the response.  The issue is that authorize.net has
>flagged this site as using a GET request, which it will be
>phasing out on June 30.  Does anyone know if the include_url as
>done above results in a GET or POST request?  I looked at the
>headers generated by include_url using client_headers and all I
>get is:
>
>ACCEPT: */*
>HOST: mydowmain.com
>
>How can I view or specify the Request Method?
>
>Anibal Escobar
>styleexpo
>601 W. 26th St., Ste. M254
>New York, NY 10001
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.stevepiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

Anibal Escobar
Thanks that worked and it confirms POST.

Here's the message from authorize.net, which was forwarded to me by my
client:

-----------------------------------------------------------------------

Dear Authorize.Net Merchant:
During a system scan, we noticed that your website or payment solution
is using the HTTP GET method when submitting your transaction requests
to https://secure.authorize.net/gateway/transact.dll.

Because HTTP GET methods do not adhere to current TLS protection
requirements, Authorize.Net will not allow HTTP GET methods for
transaction requests as of June 30, 2016. We recommend that you
immediately update your code to use the HTTP POST method instead.

Any transaction request submitted using HTTP GET after June 30th will be
rejected.

-----------------------------------------------------------------------

I'll have to call them to figure out how they figure I'm using HTTP GET.


On 19 May 2016, at 21:44, Steve Piercy - Website Builder wrote:

> include_url a local machine or one you maintain.
>
> [
> // include_url.lasso
> local(r) = include_url('http://9test/included_url.lasso',
> -postparams=(array('moose'='hair')))
> #r
> ]
>
> [
> // included_url.lasso
> web_request -> requestmethod
> ]
>
> => POST
>
> Else you will need something to inspect network traffic to see what is
> actually getting passed over the wire and how.  WireShark is one such
> tool.
>
> I'd be very surprised if a particular version of Lasso 9.2.x using
> include_url with -postparams did not send a POST request.
> http://lassoguide.com/operations/network-requests.html#include_url
>
> Do you have a citation at authorize.net regarding phasing out of GET
> requests?  I don't recall seeing such a critter.
>
> Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams, so
> they're not affected.
> https://github.com/stevepiercy/AuthorizeNet_AIM
> https://github.com/stevepiercy/AuthorizeNet_AIM_9
>
> --steve
>
>
> On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar)
> pronounced:
>
>> Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that uses
>> authorize.net for credit card processing.  This is done by sending
>> them:
>>
>> local('response_array' = include_url(#post_url,
>> -postparams=#post_values)->split('|'))
>>
>> and reading the response.  The issue is that authorize.net has
>> flagged this site as using a GET request, which it will be phasing
>> out on June 30.  Does anyone know if the include_url as done above
>> results in a GET or POST request?  I looked at the headers generated
>> by include_url using client_headers and all I get is:
>>
>> ACCEPT: */*
>> HOST: mydowmain.com
>>
>> How can I view or specify the Request Method?
>>
>> Anibal Escobar
>> styleexpo
>> 601 W. 26th St., Ste. M254
>> New York, NY 10001
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy              Website Builder              Soquel, CA
> <[hidden email]>               <http://www.stevepiercy.com/>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

Anibal Escobar
styleexpo
601 W. 26th St., Ste. M254
New York, NY 10001

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

jasonhuck
Just in case...

Your #post_url variable doesn't contain a query string, does it?

You can send a request with POST arguments in the header, and POST might be
the HTTP verb reported (I haven't tested), but if the URL you're posting to
contains arguments on a query string, it is, by definition, also using GET.

You don't commonly see a combination of GET and POST args in a single
request, but it does work.

Could be that Authorize.Net sees a query string and doesn't like it. Worth
double-checking.

- jason





On Fri, May 20, 2016 at 1:56 PM, Anibal Escobar <[hidden email]>
wrote:

> Thanks that worked and it confirms POST.
>
> Here's the message from authorize.net, which was forwarded to me by my
> client:
>
> -----------------------------------------------------------------------
>
> Dear Authorize.Net Merchant:
> During a system scan, we noticed that your website or payment solution is
> using the HTTP GET method when submitting your transaction requests to
> https://secure.authorize.net/gateway/transact.dll.
>
> Because HTTP GET methods do not adhere to current TLS protection
> requirements, Authorize.Net will not allow HTTP GET methods for transaction
> requests as of June 30, 2016. We recommend that you immediately update your
> code to use the HTTP POST method instead.
>
> Any transaction request submitted using HTTP GET after June 30th will be
> rejected.
>
> -----------------------------------------------------------------------
>
> I'll have to call them to figure out how they figure I'm using HTTP GET.
>
>
>
> On 19 May 2016, at 21:44, Steve Piercy - Website Builder wrote:
>
> include_url a local machine or one you maintain.
>>
>> [
>> // include_url.lasso
>> local(r) = include_url('http://9test/included_url.lasso',
>> -postparams=(array('moose'='hair')))
>> #r
>> ]
>>
>> [
>> // included_url.lasso
>> web_request -> requestmethod
>> ]
>>
>> => POST
>>
>> Else you will need something to inspect network traffic to see what is
>> actually getting passed over the wire and how.  WireShark is one such tool.
>>
>> I'd be very surprised if a particular version of Lasso 9.2.x using
>> include_url with -postparams did not send a POST request.
>> http://lassoguide.com/operations/network-requests.html#include_url
>>
>> Do you have a citation at authorize.net regarding phasing out of GET
>> requests?  I don't recall seeing such a critter.
>>
>> Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams, so they're
>> not affected.
>> https://github.com/stevepiercy/AuthorizeNet_AIM
>> https://github.com/stevepiercy/AuthorizeNet_AIM_9
>>
>> --steve
>>
>>
>> On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar) pronounced:
>>
>> Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that uses
>>> authorize.net for credit card processing.  This is done by sending them:
>>>
>>> local('response_array' = include_url(#post_url,
>>> -postparams=#post_values)->split('|'))
>>>
>>> and reading the response.  The issue is that authorize.net has flagged
>>> this site as using a GET request, which it will be phasing out on June 30.
>>> Does anyone know if the include_url as done above results in a GET or POST
>>> request?  I looked at the headers generated by include_url using
>>> client_headers and all I get is:
>>>
>>> ACCEPT: */*
>>> HOST: mydowmain.com
>>>
>>> How can I view or specify the Request Method?
>>>
>>> Anibal Escobar
>>> styleexpo
>>> 601 W. 26th St., Ste. M254
>>> New York, NY 10001
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>> the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>>
>>
>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>> Steve Piercy              Website Builder              Soquel, CA
>> <[hidden email]>               <http://www.stevepiercy.com/>
>>
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>>  the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>>
>
> Anibal Escobar
> styleexpo
> 601 W. 26th St., Ste. M254
> New York, NY 10001
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

Anibal Escobar
#post_url is https://secure.authorize.net/gateway/transact.dll so no
query string.

On 20 May 2016, at 14:09, Jason Huck wrote:

> Just in case...
>
> Your #post_url variable doesn't contain a query string, does it?
>
> You can send a request with POST arguments in the header, and POST
> might be
> the HTTP verb reported (I haven't tested), but if the URL you're
> posting to
> contains arguments on a query string, it is, by definition, also using
> GET.
>
> You don't commonly see a combination of GET and POST args in a single
> request, but it does work.
>
> Could be that Authorize.Net sees a query string and doesn't like it.
> Worth
> double-checking.
>
> - jason
>
>
>
>
>
> On Fri, May 20, 2016 at 1:56 PM, Anibal Escobar <[hidden email]>
> wrote:
>
>> Thanks that worked and it confirms POST.
>>
>> Here's the message from authorize.net, which was forwarded to me by
>> my
>> client:
>>
>> -----------------------------------------------------------------------
>>
>> Dear Authorize.Net Merchant:
>> During a system scan, we noticed that your website or payment
>> solution is
>> using the HTTP GET method when submitting your transaction requests
>> to
>> https://secure.authorize.net/gateway/transact.dll.
>>
>> Because HTTP GET methods do not adhere to current TLS protection
>> requirements, Authorize.Net will not allow HTTP GET methods for
>> transaction
>> requests as of June 30, 2016. We recommend that you immediately
>> update your
>> code to use the HTTP POST method instead.
>>
>> Any transaction request submitted using HTTP GET after June 30th will
>> be
>> rejected.
>>
>> -----------------------------------------------------------------------
>>
>> I'll have to call them to figure out how they figure I'm using HTTP
>> GET.
>>
>>
>>
>> On 19 May 2016, at 21:44, Steve Piercy - Website Builder wrote:
>>
>> include_url a local machine or one you maintain.
>>>
>>> [
>>> // include_url.lasso
>>> local(r) = include_url('http://9test/included_url.lasso',
>>> -postparams=(array('moose'='hair')))
>>> #r
>>> ]
>>>
>>> [
>>> // included_url.lasso
>>> web_request -> requestmethod
>>> ]
>>>
>>> => POST
>>>
>>> Else you will need something to inspect network traffic to see what
>>> is
>>> actually getting passed over the wire and how.  WireShark is one
>>> such tool.
>>>
>>> I'd be very surprised if a particular version of Lasso 9.2.x using
>>> include_url with -postparams did not send a POST request.
>>> http://lassoguide.com/operations/network-requests.html#include_url
>>>
>>> Do you have a citation at authorize.net regarding phasing out of GET
>>> requests?  I don't recall seeing such a critter.
>>>
>>> Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams, so
>>> they're
>>> not affected.
>>> https://github.com/stevepiercy/AuthorizeNet_AIM
>>> https://github.com/stevepiercy/AuthorizeNet_AIM_9
>>>
>>> --steve
>>>
>>>
>>> On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar)
>>> pronounced:
>>>
>>> Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that uses
>>>> authorize.net for credit card processing.  This is done by sending
>>>> them:
>>>>
>>>> local('response_array' = include_url(#post_url,
>>>> -postparams=#post_values)->split('|'))
>>>>
>>>> and reading the response.  The issue is that authorize.net has
>>>> flagged
>>>> this site as using a GET request, which it will be phasing out on
>>>> June 30.
>>>> Does anyone know if the include_url as done above results in a GET
>>>> or POST
>>>> request?  I looked at the headers generated by include_url using
>>>> client_headers and all I get is:
>>>>
>>>> ACCEPT: */*
>>>> HOST: mydowmain.com
>>>>
>>>> How can I view or specify the Request Method?
>>>>
>>>> Anibal Escobar
>>>> styleexpo
>>>> 601 W. 26th St., Ste. M254
>>>> New York, NY 10001
>>>>
>>>> #############################################################
>>>>
>>>> This message is sent to you because you are subscribed to
>>>> the mailing list Lasso [hidden email]
>>>> Official list archives available at http://www.lassotalk.com
>>>> To unsubscribe, E-mail to: <[hidden email]>
>>>> Send administrative queries to  <[hidden email]>
>>>>
>>>
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>> Steve Piercy              Website Builder              Soquel, CA
>>> <[hidden email]>               <http://www.stevepiercy.com/>
>>>
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>>  the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>>
>>
>> Anibal Escobar
>> styleexpo
>> 601 W. 26th St., Ste. M254
>> New York, NY 10001
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>>  the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

Anibal Escobar
styleexpo
601 W. 26th St., Ste. M254
New York, NY 10001

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

Bil Corry-3
In reply to this post by Anibal Escobar
I wonder what TLS issue they're referring to for GET.  It would be
interesting to know the specific issue, I'm not aware of any.


- Bil

On Fri, May 20, 2016 at 7:56 PM, Anibal Escobar <[hidden email]>
wrote:

> Thanks that worked and it confirms POST.
>
> Here's the message from authorize.net, which was forwarded to me by my
> client:
>
> -----------------------------------------------------------------------
>
> Dear Authorize.Net Merchant:
> During a system scan, we noticed that your website or payment solution is
> using the HTTP GET method when submitting your transaction requests to
> https://secure.authorize.net/gateway/transact.dll.
>
> Because HTTP GET methods do not adhere to current TLS protection
> requirements, Authorize.Net will not allow HTTP GET methods for transaction
> requests as of June 30, 2016. We recommend that you immediately update your
> code to use the HTTP POST method instead.
>
> Any transaction request submitted using HTTP GET after June 30th will be
> rejected.
>
> -----------------------------------------------------------------------
>
> I'll have to call them to figure out how they figure I'm using HTTP GET.
>
>
>
> On 19 May 2016, at 21:44, Steve Piercy - Website Builder wrote:
>
> include_url a local machine or one you maintain.
>>
>> [
>> // include_url.lasso
>> local(r) = include_url('http://9test/included_url.lasso',
>> -postparams=(array('moose'='hair')))
>> #r
>> ]
>>
>> [
>> // included_url.lasso
>> web_request -> requestmethod
>> ]
>>
>> => POST
>>
>> Else you will need something to inspect network traffic to see what is
>> actually getting passed over the wire and how.  WireShark is one such tool.
>>
>> I'd be very surprised if a particular version of Lasso 9.2.x using
>> include_url with -postparams did not send a POST request.
>> http://lassoguide.com/operations/network-requests.html#include_url
>>
>> Do you have a citation at authorize.net regarding phasing out of GET
>> requests?  I don't recall seeing such a critter.
>>
>> Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams, so they're
>> not affected.
>> https://github.com/stevepiercy/AuthorizeNet_AIM
>> https://github.com/stevepiercy/AuthorizeNet_AIM_9
>>
>> --steve
>>
>>
>> On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar) pronounced:
>>
>> Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that uses
>>> authorize.net for credit card processing.  This is done by sending them:
>>>
>>> local('response_array' = include_url(#post_url,
>>> -postparams=#post_values)->split('|'))
>>>
>>> and reading the response.  The issue is that authorize.net has flagged
>>> this site as using a GET request, which it will be phasing out on June 30.
>>> Does anyone know if the include_url as done above results in a GET or POST
>>> request?  I looked at the headers generated by include_url using
>>> client_headers and all I get is:
>>>
>>> ACCEPT: */*
>>> HOST: mydowmain.com
>>>
>>> How can I view or specify the Request Method?
>>>
>>> Anibal Escobar
>>> styleexpo
>>> 601 W. 26th St., Ste. M254
>>> New York, NY 10001
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>> the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>>
>>
>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>> Steve Piercy              Website Builder              Soquel, CA
>> <[hidden email]>               <http://www.stevepiercy.com/>
>>
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>>  the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>>
>
> Anibal Escobar
> styleexpo
> 601 W. 26th St., Ste. M254
> New York, NY 10001
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

Anibal Escobar
If I get an explanation on this, I'll pass it along.

On 20 May 2016, at 14:35, Bil Corry wrote:

> I wonder what TLS issue they're referring to for GET.  It would be
> interesting to know the specific issue, I'm not aware of any.
>
>
> - Bil
>
> On Fri, May 20, 2016 at 7:56 PM, Anibal Escobar <[hidden email]>
> wrote:
>
>> Thanks that worked and it confirms POST.
>>
>> Here's the message from authorize.net, which was forwarded to me by
>> my
>> client:
>>
>> -----------------------------------------------------------------------
>>
>> Dear Authorize.Net Merchant:
>> During a system scan, we noticed that your website or payment
>> solution is
>> using the HTTP GET method when submitting your transaction requests
>> to
>> https://secure.authorize.net/gateway/transact.dll.
>>
>> Because HTTP GET methods do not adhere to current TLS protection
>> requirements, Authorize.Net will not allow HTTP GET methods for
>> transaction
>> requests as of June 30, 2016. We recommend that you immediately
>> update your
>> code to use the HTTP POST method instead.
>>
>> Any transaction request submitted using HTTP GET after June 30th will
>> be
>> rejected.
>>
>> -----------------------------------------------------------------------
>>
>> I'll have to call them to figure out how they figure I'm using HTTP
>> GET.
>>
>>
>>
>> On 19 May 2016, at 21:44, Steve Piercy - Website Builder wrote:
>>
>> include_url a local machine or one you maintain.
>>>
>>> [
>>> // include_url.lasso
>>> local(r) = include_url('http://9test/included_url.lasso',
>>> -postparams=(array('moose'='hair')))
>>> #r
>>> ]
>>>
>>> [
>>> // included_url.lasso
>>> web_request -> requestmethod
>>> ]
>>>
>>> => POST
>>>
>>> Else you will need something to inspect network traffic to see what
>>> is
>>> actually getting passed over the wire and how.  WireShark is one
>>> such tool.
>>>
>>> I'd be very surprised if a particular version of Lasso 9.2.x using
>>> include_url with -postparams did not send a POST request.
>>> http://lassoguide.com/operations/network-requests.html#include_url
>>>
>>> Do you have a citation at authorize.net regarding phasing out of GET
>>> requests?  I don't recall seeing such a critter.
>>>
>>> Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams, so
>>> they're
>>> not affected.
>>> https://github.com/stevepiercy/AuthorizeNet_AIM
>>> https://github.com/stevepiercy/AuthorizeNet_AIM_9
>>>
>>> --steve
>>>
>>>
>>> On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar)
>>> pronounced:
>>>
>>> Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that uses
>>>> authorize.net for credit card processing.  This is done by sending
>>>> them:
>>>>
>>>> local('response_array' = include_url(#post_url,
>>>> -postparams=#post_values)->split('|'))
>>>>
>>>> and reading the response.  The issue is that authorize.net has
>>>> flagged
>>>> this site as using a GET request, which it will be phasing out on
>>>> June 30.
>>>> Does anyone know if the include_url as done above results in a GET
>>>> or POST
>>>> request?  I looked at the headers generated by include_url using
>>>> client_headers and all I get is:
>>>>
>>>> ACCEPT: */*
>>>> HOST: mydowmain.com
>>>>
>>>> How can I view or specify the Request Method?
>>>>
>>>> Anibal Escobar
>>>> styleexpo
>>>> 601 W. 26th St., Ste. M254
>>>> New York, NY 10001
>>>>
>>>> #############################################################
>>>>
>>>> This message is sent to you because you are subscribed to
>>>> the mailing list Lasso [hidden email]
>>>> Official list archives available at http://www.lassotalk.com
>>>> To unsubscribe, E-mail to: <[hidden email]>
>>>> Send administrative queries to  <[hidden email]>
>>>>
>>>
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>> Steve Piercy              Website Builder              Soquel, CA
>>> <[hidden email]>               <http://www.stevepiercy.com/>
>>>
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>>  the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>>
>>
>> Anibal Escobar
>> styleexpo
>> 601 W. 26th St., Ste. M254
>> New York, NY 10001
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>>  the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

Anibal Escobar
styleexpo
601 W. 26th St., Ste. M254
New York, NY 10001

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: include_url

stevepiercy
In reply to this post by Anibal Escobar
Which AuthorizeNet integration method/API (AIM, CIM, etc.) are
you using?
http://developer.authorize.net/api/upgrade_guide/

There's also the new Authorize.Net API.  It is much nicer,
although XML is tedious and JSON support is still in beta.

--steve


On 5/20/16 at 1:56 PM, [hidden email] (Anibal Escobar) pronounced:

>Thanks that worked and it confirms POST.
>
>Here's the message from authorize.net, which was forwarded to me by my client:
>
>-----------------------------------------------------------------------
>
>Dear Authorize.Net Merchant:
>During a system scan, we noticed that your website or payment
>solution is using the HTTP GET method when submitting your
>transaction requests to https://secure.authorize.net/gateway/transact.dll.
>
>Because HTTP GET methods do not adhere to current TLS
>protection requirements, Authorize.Net will not allow HTTP GET
>methods for transaction requests as of June 30, 2016. We
>recommend that you immediately update your code to use the HTTP
>POST method instead.
>
>Any transaction request submitted using HTTP GET after June 30th will be rejected.
>
>-----------------------------------------------------------------------
>
>I'll have to call them to figure out how they figure I'm using HTTP GET.
>
>
>On 19 May 2016, at 21:44, Steve Piercy - Website Builder wrote:
>
>>include_url a local machine or one you maintain.
>>
>>[
>>// include_url.lasso
>>local(r) = include_url('http://9test/included_url.lasso',
>-postparams=(array('moose'='hair')))
>>#r
>>]
>>
>>[
>>// included_url.lasso
>>web_request -> requestmethod
>>]
>>
>>=> POST
>>
>>Else you will need something to inspect network traffic to see
>>what is actually getting passed over the wire and how.  
>>WireShark is one such tool.
>>
>>I'd be very surprised if a particular version of Lasso 9.2.x
>>using include_url with -postparams did not send a POST request.
>>http://lassoguide.com/operations/network-requests.html#include_url
>>
>>Do you have a citation at authorize.net regarding phasing out
>>of GET requests?  I don't recall seeing such a critter.
>>
>>Both AuthorizeNet_AIM and AuthorizeNet_AIM_9 use -postparams,
>>so they're not affected.
>>https://github.com/stevepiercy/AuthorizeNet_AIM
>>https://github.com/stevepiercy/AuthorizeNet_AIM_9
>>
>>--steve
>>
>>
>>On 5/19/16 at 5:40 PM, [hidden email] (Anibal Escobar) pronounced:
>>
>>>Hi everyone, I'm on lasso 9.2 on CentOS.  I have a site that
>>>uses authorize.net for credit card processing.  This is done
>>>by sending them:
>>>
>>>local('response_array' = include_url(#post_url, -postparams=#post_values)->split('|'))
>>>
>>>and reading the response.  The issue is that authorize.net
>>>has flagged this site as using a GET request, which it will
>>>be phasing out on June 30.  Does anyone know if the
>>>include_url as done above results in a GET or POST request?  
>>>I looked at the headers generated by include_url using
>>>client_headers and all I get is:
>>>
>>>ACCEPT: */*
>>>HOST: mydowmain.com
>>>
>>>How can I view or specify the Request Method?
>>>
>>>Anibal Escobar
>>>styleexpo
>>>601 W. 26th St., Ste. M254
>>>New York, NY 10001
>>>
>>>#############################################################
>>>
>>>This message is sent to you because you are subscribed to
>>>the mailing list Lasso [hidden email]
>>>Official list archives available at http://www.lassotalk.com
>>>To unsubscribe, E-mail to: <[hidden email]>
>>>Send administrative queries to  <[hidden email]>
>>
>>-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>Steve Piercy              Website Builder              Soquel, CA
>><[hidden email]>               <http://www.stevepiercy.com/>
>>
>>
>>#############################################################
>>
>>This message is sent to you because you are subscribed to
>>the mailing list Lasso [hidden email]
>>Official list archives available at http://www.lassotalk.com
>>To unsubscribe, E-mail to: <[hidden email]>
>>Send administrative queries to  <[hidden email]>
>
>Anibal Escobar
>styleexpo
>601 W. 26th St., Ste. M254
>New York, NY 10001
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.stevepiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>