Server error 5006: Unable to redirect to Vendor's web site. The Vendor failed to provide a RedirectionURL.

[cory-mosey]

Can't seem to get rid of this issues, receiving both:

Server error 5006: Unable to redirect to Vendor's web site. The Vendor failed to provide a RedirectionURL.

HTTP error 500: The request was unsuccessful due to an unexpected condition encountered by the server.

Here is the code I'm doing (Please note I've not encrypted or used UUIDs until I could get it working:

public function getPayment()
	{
		$gateway = Omnipay::create('SagePay_Server');
        $gateway->setVendor('test');
        $gateway->setTestMode(true);

		$test = rand(0, 1000);

		$order = Order::where('id', '=', $test)->first();

        $params = [
            'description' => 'Online order',
            'currency' => 'GBP',
            'transactionId' => $order->id,
            'amount' => 20.00,
            'returnUrl' => "https://tester.domainname.com/cart/gateway/process/{$order->id}"
        ];

        $params['card'] = [
            'firstName' => 'Cory',
            'lastName' => 'Forename',
            'email' => '[email protected]',
            'billingAddress1' => 'Test Road 1',
            'billingAddress2' => 'Tester',
            'billingCity' => 'Towner',
            'billingPostcode' => 'Postcoder',
            'billingCountry' => 'GB',
            'billingPhone' => '00000000000',
            'shippingAddress1' => 'DLine 1',
            'shippingAddress2' => 'DLine 2',
            'shippingCity' => 'D Town',
            'shippingPostcode' => 'D Postcode',
            'shippingCountry' => 'GB'
        ];

        try {
            $response = $gateway->purchase($params)->send();


            if ($response->isSuccessful()) :

                //not using this part

            elseif ($response->isRedirect()) :

                $reference = $response->getTransactionReference();

                $order->sagepay_reference = $reference;
                $order->save();

                $response->redirect();

            else :
                //do something with an error
                echo $response->getMessage();

            endif;

        } catch (\Exception $e) {

            //do something with this if an error has occurred
            echo 'Sorry, there was an error processing your payment. Please try again later.';
        }
}

public function getGatewayProcess($id)
	{
		$gateway = Omnipay::create('SagePay_Server');
        $gateway->setVendor('test');
        $gateway->setTestMode(true);

		$order = Order::where('id', '=', $id)->first();

		$params = array(
            'description'=> 'Online order',
            'currency'=> 'GBP',
            'transactionId'=> $order->id,
            'amount'=> 20.00
        );

        $transactionReference = $order->sagepay_reference;

        try {
            $response = $gateway->completePurchase([
                'transactionId' => $order->id,
                'transactionReference' => $transactionReference,
            ])->send();

            //encrypt it to stop anyone being able to view other orders
            $response->confirm('https://tester.domainname.com/cart/gateway/response/' . $order->id);

        } catch(InvalidResponseException $e) {
            // Send "INVALID" response back to SagePay.
            $request = $gateway->completePurchase(array());
            $response = new \Omnipay\SagePay\Message\ServerCompleteAuthorizeResponse($request, array());

            // customFunctionToSaveStatus($orderNo, array('payment_status' => $response->getStatus()));
            // customFunctionToSaveMessage($orderNo, array('gateway_response' => $response->getMessage()));

            redirect('/payment-error-response/');
        }
}

Any ideas?

[JJ: edited for code formatting]

[judgej]

The Sage Pay Server back channel uses a POST, so you will need to make sure CSRF is disabled for the route to getGatewayProcess(), which I assume is your back channel. That is very important, since Laravel will apply CSRF to POST requests for all routes by default.

In addition, that channel is a server-to-server request, so the redirect() has no place in there. You must always return a formatted message using confirm() or reject(). error() should be used in very exceptional circumstances. All should be a 200 response. You can try calling your notification handler (the back channel) using something like Postman to get an idea of what Sage Pay is seeing, and that may give you some clues.

This is probably the most difficult part of the Sage Pay Server API - Sage Pay is making requests to your server, and if things are not set up right, it does not work, but you cannot directly see what is going on in that exchange.

[judgej]

Try also notifyUrl rather than redirectUrl.

Last thing - the transactionReference must be unique for each payment initiation. So if payment fails on the first attempt, you would like the customer to try again, then you cannot use the order ID every time. Maybe suffix it with an attempt number, for example 1234-1, 1234-2 etc. Just something to bear in mind.

Let us know how it goes.

[judgej]

Closing - I assume OP either solved this issue or it is no longer relevant.