JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
We got a notice from Authorize.net about rejecting GET requestsAsked by jdt3901 on April 27, 2016 at 09:37 AM
I got an email from authorize.net saying that as of June 30 this year, they will reject payment submissions using HTTP GET. As a new client, we intend to set up a lot of systems using Jotform, and I would appreciate someone from Jotform's tech support letting me know that Jotform will be prepared for this change.
I've attached a screenshot of the email I received. I appreciate you helping me out in this way.
JotForm Submissions attached
As far as I am aware we never used GET requests, but I can assure you that our developers react to first emails and notifications from payment processors. Since they have developer accounts on the same this means that the notice on some payment processors comes in before it does for non developer accounts.
As such you should have no issues with Authorize.net tool, but I will raise this up so that we can get a confirmation of the same from one of the developers as well.
They will reply back over this thread.
One of my clients also received this notice. This is not related to jotform, but this thread is the only relevant hit on a google search. Far as I know, none of our software (nor our client's software) uses GET requests for Authorize.net.
It sure would be nice if Authorize.net provided more information about this issue. IP addresses of the offending hosts, transaction ID's of the problem requests, something... anything other than the completely uninformative warning message they are currently sending out.
My colleague have already forwarded this query to our backend team. Unfortunately we have not received any update form them yet but we will get back to you as soon as we have any information on this.
Sorry to be a pest, but I need to know asap. This is a deal breaker for us.
As mentioned by Bill above, I never heard of someone using GET requests for payment processing. As such I can assure you that we are not using the same.As mentioned I have forwarded this up to our developers and it is assigned to one developer to investigate the same and see what exactly Authorize.net is looking for. I presume that our developer did not update you here since we got few threads on similar subject, but mentioning different cases so he is probably checking it all at once.Once our developer makes sure that everything is up to par he will confirm the same here.Again, the fact that it is GET, makes little sense for payments so you should not worry - this is only raised to confirm the same.
Hi, all. My client just received the same email from authorize.net. One question I'd like to add to this thread. I know it shouldn't make a difference, but does it matter that the website that the form is embedded in does not have an SSL certificate?
If your client's forms are used for payment, it is always better to have the form embedded and the data accessed over a secure connection.
To answer your question 'If that matters ', yes it does matter since Mixed Content can present security risk for your users if sensitive data are transmitted over insecure connection.
But I'm not sure if this has anything to do with that message from Authorize.net.
Thank you for your reply. I'll let them know. =M=
The incoming update from Authorize.Net should not affect your forms. We send POST type requests for all transactions made via JotForm, so this should not pose any problems whatsoever