magento2: Authorize.net Gateway Errors are Hidden from Customer
Preconditions
- Magento 2.2.0
- PHP7
- Using Cloudflare (possibly affecting the result?)
Steps to reproduce
- Use Authorize.net Directpost Gateway
- Input incorrect credit card details (like ZIP code)
- Get generic error message
Expected result
- Errors should be more specific on the front-end, at least as specific as what is shown on the backend.
Actual result
- Backend properly shows the gateway error when you look at the canceled order, but frontend only gives: “An error occurred on the server. Please try to place the order again.”
This isn’t a security issue, as directpost sends the specific error message back to the client anyway, so there’s no reason to obscure it from them, for example, the transact.dll page I get back is:
<html>
<head>
<script src="/cdn-cgi/apps/head/T7EtBsweFKe1xNvIw3WyPZwuLhQ.js"></script><script type="text/javascript">
//<![CDATA[
window.__mirage2 = {petok:"69f379d78c19a6555bff955b51606a795a185422-1511195322-1800"};
//]]>
</script>
<script type="text/javascript" src="https://ajax.cloudflare.com/cdn-cgi/scripts/0e574bed/cloudflare-static/mirage2.min.js"></script>
<script>
window.location="https://dressedinwhite.com/authorizenet/directpost_payment/redirect/x_invoice_num/1000020032/success/0/error_msg/Gateway error: The transaction has been declined because of an AVS mismatch. The address provided does not match billing address of cardholder./controller_action_name/directpost_payment/is_secure/1/";
</script>
</head>
<body></body>
</html>
As you can see, the client already sees the error(but it isn’t displayed to the user), which is “Gateway error: The transaction has been declined because of an AVS mismatch. The address provided does not match billing address of cardholder.”
But when Magento 2 generates the error page, it’s a generic error, like so:
<html>
<head>
<script src="/cdn-cgi/apps/head/T7EtBsweFKe1xNvIw3WyPZwuLhQ.js"></script><script>
var require = window.top.require;
require(
[
'jquery',
'Magento_Ui/js/model/messageList',
'mage/translate'
],
function($, globalMessageList, $t) {
var parent = window.top;
$(parent).trigger('clearTimeout');
globalMessageList.addErrorMessage({
message: $t('An error occurred on the server. Please try to place the order again.')
});
}
);
</script>
</head>
<body></body>
</html>
This is a massive issue, as any customer that has problems with checkout becomes highly likely to just give up due to being given no direction as to how to fix it.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Reactions: 3
- Comments: 34 (2 by maintainers)
@AirmanAJK Can you please share the code for display the error message in the popup? It will really help us.
@clikit101 If you need, I can share my code snippet to display the error message as a modal UI alert. It uses the built in Magento components, so it’s not much code. Here’s a screenshot:
You can see the original error message lurking in the background.
Same issue / complaint. Any progress, patch available? I have three customer sites that are impacted. Your help is appreciated.
@AirmanAJK . Any chance you can share your code snippet?
From https://github.com/magento/magento2/issues/13172#issuecomment-357880599, it sounds like this is the expected behavior, and not one that’s going to change. :head-desk: