Search code examples
phphttp-headerspaypal-ipn

PayPal IPN error: line folding of header fields is not supported

A PayPal IPN script that's been running for years suddenly stopped working. PayPal is returning the following response:

HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 46
content-type: text/plain; charset=utf-8

line folding of header fields is not supported

To summarize how PayPal IPN is supposed to work:

  1. PayPal POSTs to an endpoint on your system
  2. The endpoint must reply back to PayPal with the POST data it received
  3. PayPal responds back with VERIFIED

In my case, PayPal cannot verify the response because, "line folding of header fields is not supported".

Google's not providing much on "line folding header fields". I can only assume it's something to do with header formatting. Here is the pertinent code:

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
  $value = urlencode(stripslashes($value));
  $req .= "&$key=$value";
}

// post back to PayPal system to validate
// 7/22/2013 - Update to use HTTP 1.1 instead of HTTP 1.0
$header  = "POST /cgi-bin/webscr HTTP/1.1\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n";
$header .= "Host: www.paypal.com\r\n ";
$header .= "Connection: close\r\n\r\n";

// Open a connection to PayPal.com
$fp = @fsockopen("ssl://{$target}", 443, $errno, $errstr, 30);

if (!$fp) {
  // HTTP ERROR
}else{
  @fputs ($fp, $header . $req);
  while (!@feof($fp)) {
    $res = @fgets ($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {
      $verified = true;
    }else{
      // Log failure
    }
  }
  @fclose ($fp);
}

Any ideas what might be causing the error about line folding in regards to the headers?

Solution

  • Header folding is explained under https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.4:

    Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold).

    I had to echo out the headers you are generating to see the problem myself, it is quite hard to spot:

    $header .= "Host: www.paypal.com\r\n ";

    The extra space after the line break here, means the next header line will start with that space - and that means, you are "folding headers", without having actually intended to do so.

    Remove that extra trailing space, and things should work fine.