Basic PayPal Checkout Button giving a 500 internal server error in Firefox

Question

I am using Basic PayPal Checkout Button (data-version-4) with jason payload to do a payment against the 'sandbox'. All the code works fine until it gets to the point of 'Confirm' or 'Pay now' within the PayPal-Pop-Up (Lightbox) ... at this point the Pop-Up closes and no further calls are made to the Button (as example: onAuthorize is not initiated).

At this point the console shows several a warning and errors after 3 x apy_retry. Is this a known issue or does someone have a suggestion on this?

Any help is welcome and thank you very much in advance, Christian

UPDATE: in Google Chrome (Version 54) it is possible to complete the payment, i am having the errors just within Firefox V49.0.2

Warning

missing_csrf_jwt Object { timestamp=1479294755397, windowID="5fbc81d2c8", pageID="3768daa62d"}

Error

"NetworkError: 500 Internal Server Error - https://www.sandbox.paypal.com/webapps/hermes/api/payment/PAY-1UH37573M6748251ALAWD6BI?"

http_response_500 Object { timestamp=1479294756872, windowID="5fbc81d2c8", pageID="3768daa62d"}

Response of the GET Payment request from button.js

{"ack":"error","message":"Unhandled api error","meta":{"calc":"5c86b8d3140ef","rlog":"rKGmcXTB%2B2NqZAMhrf0E %2BSi2kRuzAYN1zBd6UkYGjcFtNQ0WfaI3FHIbPIRTaJRcwP4CM4%2FkeW05efr7awS8xw_1586cc53450"},"server":"Wb_7k zG8hs8iXSTxTssRX7gAbhKsGUveN-Qi5qR4xO-eChao8SHpy7dW9-lcr1X7z1Ex578DclpDjpNeK6E56fHpDAqRWL8SI0Od4rpHe HT57pjggRD85TXSwGA9IYgdTw8WLisakLokxa9yxvmsjiYYO9Sf8Hnb4sanRFuPznDh8b4zEXUgz2kxautGGtS3lTXJjgK9TVqouGCqrStk_j4GQC1ssToOZ0n6am" }

Console

Screenshot of the console Dev Tools

Answer 1

Your developer console says (in German, I believe) there is an issue with Strict-Transport-Security. This is almost certainly your problem because the policy on handling this error differs from browser to browser.

I also see that the Paypal API is on an https url. Is the request originating from your browser in an http (without the s) setting? In which case this may be the problem, as you would want a request to a secure API to also originate from an encrypted, secure source.

EDIT: You may also want to look at LetsEncrypt which gives developers such as yourself access to free, extremely easy to setup SSL certificates.