Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

403 on /checkout/onepage/saveOrder/ (OnepageController.php saveOrderAction)
 
mrichardson
Jr. Member
 
Total Posts:  2
Joined:  2012-07-06
 

Hello,

We have recently gone live with our Magento store. For the most part, everything is running smoothly - however, I have noticed through daily logwatch emails that clients occasionally receive a 403 Forbidden HTTP response code when requesting the URL /checkout/onepage/saveOrder/.

I suspected the following:

Non-acceptance of billing agreements
I looked in OnepageController.php and there is the following in saveOrderAction():

if ($requiredAgreements Mage::helper('checkout')->getRequiredAgreementIds()) {
                $postedAgreements 
array_keys($this->getRequest()->getPost('agreement', array()));
                if (
$diff array_diff($requiredAgreements$postedAgreements)) {
                    $result[
'success'false;
                    
$result['error'true;
                    
$result['error_messages'$this->__('Please agree to all the terms and conditions before placing the order.');
                    
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode($result));
                    return;
                
}
            }

But we don’t have any billing agreements set up, so I can’t imagine it’s this.

Issue with session (expiring or data being invalid)

I don’t think the session is expiring because we keep the sessions for 2 days. But there is the _expireAjax() method in OnepageController.php which could be responsible for the issue:

protected function _expireAjax()
    
{
        
if (!$this->getOnepage()->getQuote()->hasItems()
            || 
$this->getOnepage()->getQuote()->getHasError()
            || 
$this->getOnepage()->getQuote()->getIsMultiShipping()) {
            $this
->_ajaxRedirectResponse();
            return 
true;
        
}
        $action 
$this->getRequest()->getActionName();
        if (
Mage::getSingleton('checkout/session')->getCartWasUpdated(true)
            && !
in_array($action, array('index''progress'))) {
            $this
->_ajaxRedirectResponse();
            return 
true;
        
}

        
return false;
    
}

If either of those if statements evaluates to true, it calls the _ajaxRedirectResponse() method which does return a 403 status code.

Does anyone know what is happening here? Has anyone seen this before? The issue is very intermittent and I haven’t been able to spot a pattern.

Thanks

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top