Apple Pay Domain Verification 406 Error

I am having an issue with my Stripe Apple Pay integration after registering a domain when Apple tries to hit the /.well-known/apple-developer-merchantid-domain-association route. Specifically, our server is returning a 406 error because it could not handle the HTTP Accept header in the request. I did some digging and found that the Accept header we are receiving is blank (e.g. 'HTTP_ACCEPT': '') and we are unable to handle that. I found this strange because we also have an in-house Apple Pay implementation and a Square Apple Pay integration for users who do not use Stripe, and we have never run into this issue before.

I am mainly curious why this header is empty since we don't have this issue with Square or with our in-house implementation.

Accepted Answer

I am mainly curious why this header is empty since we don't have this issue with Square or with our in-house implementation.

Let me make sure I understand this correctly: you have a domain that you are trying to verify, and when the verification request comes into your server from Apple it has a blank header for HTTP_ACCEPT in the request. Is that correct?

If so, is this request passing through a proxy before hitting your server? Are you able to post the request headers here? (Make sure to redact the sensitive information)

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Correct, the request to well-known/apple-developer-merchantid-domain-association has an HTTP_ACCEPT header but it is blank.

I don't believe the requests go through a proxy. I'm currently debugging this by attempting to register an ngrok domain. The headers I'm seeing are:

'HTTP_USER_AGENT': 'oslopartner Client 1.0',
'HTTP_ACCEPT': '',
'HTTP_ACCEPT_ENCODING': 'gzip',
'HTTP_VIA': 'https/1.1 usatl4-edge-bx-014.ts.apple.com[11FD071B] (ApacheTrafficServer/6.1.2)',
'HTTP_X_FORWARDED_FOR': '54.187.174.169',
'HTTP_X_FORWARDED_PROTO': 'https',
'HTTP_X_ORIGINAL_HOST': 'apple-pay-test.ngrok.io',

Usually when headers like the following are added to a request:

'HTTP_X_FORWARDED_FOR': '54.187.174.169',
'HTTP_X_FORWARDED_PROTO': 'https',

the request has either passed through another server or a proxy. That looks like the case here because of:

'HTTP_X_ORIGINAL_HOST': 'apple-pay-test.ngrok.io'

If you go straight at the server to validate the domain, do you see the same behavior?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thanks for your reply. I originally thought those headers were there because I was forwarding requests to an ngrok server over to my local dev server, but I was able to test this in a live env and we do pass requests through another server first.

I'm unable to send requests straight to the server because I can't change our underlying system. Also, we always pass requests through another server first and we only have this issue with the Stripe Apple Pay integration.

I thought maybe there was a reason why this header was blank, like there was something wrong on Stripe's end. If there's not a real "problem" then we can just handle the blank header on our side.

I'm also realizing that both you and I included the IP address in the HTTP_X_FORWARDED_FOR header in previous comments, but I am unable to edit mine. Are you able to edit or delete past comments so we can remove that IP address?

Any other thoughts on this? And are you able to edit comments/delete the post?
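
As an added example (not code from anyone in this thread), one way to "handle the blank header on our side" is a small WSGI middleware that rewrites a blank Accept value to `*/*` for the verification path only, so content negotiation stays strict everywhere else. It assumes a WSGI stack, which the HTTP_ACCEPT-style keys above suggest; `BlankAcceptMiddleware`, `strict_app` and `status_for` are hypothetical names, and `strict_app` is a constructed stand-in for the server that answers 406.

```python
# Added example: assumes a WSGI application; all names here are hypothetical.
WELL_KNOWN_PATH = "/.well-known/apple-developer-merchantid-domain-association"


class BlankAcceptMiddleware:
    """Treat a present-but-blank Accept header as '*/*' on selected paths."""

    def __init__(self, app, paths=(WELL_KNOWN_PATH,)):
        self.app = app
        self.paths = frozenset(paths)

    def __call__(self, environ, start_response):
        accept = environ.get("HTTP_ACCEPT")
        on_path = environ.get("PATH_INFO") in self.paths
        if on_path and accept is not None and accept.strip() == "":
            # Only the blank case is rewritten; a real Accept value is honoured.
            environ["HTTP_ACCEPT"] = "*/*"
        return self.app(environ, start_response)


def strict_app(environ, start_response):
    """Constructed stand-in: 406 unless Accept allows text/plain.

    A missing header defaults to '*/*'; a blank one matches nothing.
    """
    accept = environ.get("HTTP_ACCEPT", "*/*")
    ranges = [r.split(";")[0].strip() for r in accept.split(",")]
    if not any(r in ("*/*", "text/*", "text/plain") for r in ranges):
        start_response("406 Not Acceptable", [("Content-Type", "text/plain")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"constructed-association-file-body"]


def status_for(app, path, accept=None):
    """Call a WSGI app with a minimal constructed environ; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if accept is not None:
        environ["HTTP_ACCEPT"] = accept
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Wrap the application once at startup, for example `application = BlankAcceptMiddleware(application)`.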
