Php – Magento onepage checkout saveOrder 302 redirect

magentomagento-1.8PHP

Running a new Magento 1.8 install and on the onepage checkout, at the final review when the user submits the order, there's an ajax request for http://www.domain.com/checkout/onepage/saveOrder/. The status code for this request is 302 Found and the response is null (and it should be {"success":true,"error":false}).

I don't know how it gets a 302 when it should be a 200 status. Any ideas?

Best Answer

Ran across this tip that fixed it for me. Essentially it looks like they forgot to include the formKey in the saveOrder ajax request.

Find app / design / frontend / (template name) / template / checkout / onepage / review / info.phtml and around line number 60 replace...

    <script type="text/javascript">
        //<![CDATA[
            review = new Review('<?php echo $this->getUrl('checkout/onepage/saveOrder') ?>', '<?php echo $this->getUrl('checkout/onepage/success') ?>', $('checkout-agreements'));
        //]]>
    </script>

...with this...

    <script type="text/javascript">
    //<![CDATA[
        review = new Review('<?php echo $this->getUrl('checkout/onepage/saveOrder', array('form_key' => Mage::getSingleton('core/session')->getFormKey())) ?>', '<?php echo $this->getUrl('checkout/onepage/success') ?>', $('checkout-agreements'));
    //]]>
    </script>

1. Basic answer

You can use the header() function to send a new HTTP header, but this must be sent to the browser before any HTML or text (so before the <!DOCTYPE ...> declaration, for example).

header('Location: '.$newURL);

2. Important details

die() or exit()

header("Location: http://example.com/myOtherPage.php");
die();

Why you should use die() or exit(): The Daily WTF

Absolute or relative URL

Since June 2014 both absolute and relative URLs can be used. See RFC 7231 which had replaced the old RFC 2616, where only absolute URLs were allowed.

Status Codes

PHP's "Location"-header still uses the HTTP 302-redirect code, this is a "temporary" redirect and may not be the one you should use. You should consider either 301 (permanent redirect) or 303 (other).

Note: W3C mentions that the 303-header is incompatible with "many pre-HTTP/1.1 user agents. Currently used browsers are all HTTP/1.1 user agents. This is not true for many other user agents like spiders and robots.

3. Documentation

HTTP Headers and the header() function in PHP

4. Alternatives

You may use the alternative method of http_redirect($url); which needs the PECL package pecl to be installed.

5. Helper Functions

This function doesn't incorporate the 303 status code:

function Redirect($url, $permanent = false)
{
    header('Location: ' . $url, true, $permanent ? 301 : 302);

    exit();
}

Redirect('http://example.com/', false);

This is more flexible:

function redirect($url, $statusCode = 303)
{
   header('Location: ' . $url, true, $statusCode);
   die();
}

6. Workaround

As mentioned header() redirects only work before anything is written out. They usually fail if invoked inmidst HTML output. Then you might use a HTML header workaround (not very professional!) like:

 <meta http-equiv="refresh" content="0;url=finalpage.html">

Or a JavaScript redirect even.

window.location.replace("http://example.com/");

Php – Place Order fails in Magento OnePage Checkout

Custom modules were at fault. Disabling all of the custom modules in the Magento admin does not actually disable them, it only "disables their output".

Setting False in the module configuration resolved the invalid headers error, at which point I was able to debug the custom module issue that was causing the AJAX checkout errors.