> it seems to me that Google deliberately blocks requests to paypal. nc,
> nc, nc... kind of in contradiction to the open web thing you guys are
> preaching. I hope that this is just a bug though but I cannot see why
> it should be... any other request of a similar nature works fine, even
> with a similar syntax.. even requests with similar domain but not
> directly pointing to paypal.com work fine.

> what's going on?

> dear developers,

> as always, if something doesn't work you can hack it. apparently
> Google blocks URLs to paypal but with a bit of creativity we can
> bypass this restriction. I hope that we don't have to do this in the
> future. the only reason I am sharing this information is to provoke
> Google's decision to block PayPal URLs. I know that by reading this
> they may try to prevent this method as well but ... well, I am taking
> the risk.

> so, requests to:

> https://www.paypal.com/cgi-bin/webscrhttps://www.sandbox.paypal.com/c...

> are blocked. as usual these checks are not very complete. in order to
> bypass them we need to change the paypal URLs to something different.
> For example, we can use tinyurl for that matter:

> http://tinyurl.com/3ro7da

> which is actually

> https://www.sandbox.paypal.com/cgi-bin/webscr

> if we send the post verification to that URL we bypass the restriction
> which lead to VERIFIED or INVALID or whatever else PayPal may return.

> Now, I won't trust tinyurl for these kind of stuff but all you need to
> do is to write a simple redirection utility. Just create a new GET and
> POST request handler for IPN redirections and point your scripts to
> that instead of the real paypal URLs. When the request arrive you
> translate them to the paypal ones via a 302 open redirect.

> solved!

> regards,
> pdp

> gnucitizen.org | gnucitizen.com | gnucitizen.net | hakiri.org |
> spinhunters.org

> On Jun 9, 3:26 pm, pdp <pdp.gnuciti...@googlemail.com> wrote:

> > it seems to me that Google deliberately blocks requests to paypal. nc,
> > nc, nc... kind of in contradiction to the open web thing you guys are
> > preaching. I hope that this is just a bug though but I cannot see why
> > it should be... any other request of a similar nature works fine, even
> > with a similar syntax.. even requests with similar domain but not
> > directly pointing to paypal.com work fine.

> > what's going on?

> Thanks for this. There's a good chance I'll need to use paypal in my
> app, so I'll know where to come if I run into trouble. But hopefully,
> as you say, Google will fix this. Google is indeed supposed to be
> support and champion an open internet..

> On Jun 9, 3:43 pm, pdp <pdp.gnuciti...@googlemail.com> wrote:

> > dear developers,

> > as always, if something doesn't work you can hack it. apparently
> > Google blocks URLs to paypal but with a bit of creativity we can
> > bypass this restriction. I hope that we don't have to do this in the
> > future. the only reason I am sharing this information is to provoke
> > Google's decision to block PayPal URLs. I know that by reading this
> > they may try to prevent this method as well but ... well, I am taking
> > the risk.

> > so, requests to:

> >https://www.paypal.com/cgi-bin/webscrhttps://www.sandbox.paypal.com/c...

> > are blocked. as usual these checks are not very complete. in order to
> > bypass them we need to change the paypal URLs to something different.
> > For example, we can use tinyurl for that matter:

> >http://tinyurl.com/3ro7da

> > which is actually

> >https://www.sandbox.paypal.com/cgi-bin/webscr

> > if we send the post verification to that URL we bypass the restriction
> > which lead to VERIFIED or INVALID or whatever else PayPal may return.

> > Now, I won't trust tinyurl for these kind of stuff but all you need to
> > do is to write a simple redirection utility. Just create a new GET and
> > POST request handler for IPN redirections and point your scripts to
> > that instead of the real paypal URLs. When the request arrive you
> > translate them to the paypal ones via a 302 open redirect.

> > solved!

> > regards,
> > pdp

> > gnucitizen.org | gnucitizen.com | gnucitizen.net | hakiri.org |
> > spinhunters.org

> > On Jun 9, 3:26 pm, pdp <pdp.gnuciti...@googlemail.com> wrote:

> > > it seems to me that Google deliberately blocks requests to paypal. nc,
> > > nc, nc... kind of in contradiction to the open web thing you guys are
> > > preaching. I hope that this is just a bug though but I cannot see why
> > > it should be... any other request of a similar nature works fine, even
> > > with a similar syntax.. even requests with similar domain but not
> > > directly pointing to paypal.com work fine.

> > > what's going on?

> Wow, so they're actually blocking the PayPal URLs? That doesn't sound
> like a "do no evil" policy to me. In fact, it is exactly the sort of
> thing that people fear most about Google App Engine (that Google will
> use their position of power to dictate what your applications can and
> cannot access.)

> sounds unreasonable...

> On Tue, Jun 10, 2008 at 6:46 PM, Aral Balkan <aralbal...@gmail.com> wrote:

> > I just blogged about this here:
> >http://aralbalkan.com/1356

> > Let's hope we get an answer from the good folks at Google.

> > Aral

> > On Jun 10, 11:23 am, Aral Balkan <aralbal...@gmail.com> wrote:
> > > Wow, so they're actually blocking the PayPal URLs? That doesn't sound
> > > like a "do no evil" policy to me. In fact, it is exactly the sort of
> > > thing that people fear most about Google App Engine (that Google will
> > > use their position of power to dictate what your applications can and
> > > cannot access.)
> > <snip>

> --
> BQ

> This is something that I had planned to integrate into my app too, so
> knowing that Google is against it is a little worrying.  I'm hoping
> this is a temporary restriction due to the beta-ness of AppEngine at
> the moment and not a formal policy moving forward.  Ducking and diving
> through redirects and so on is not the kind of confidence-inspiring
> stuff you want to be looking at when building payment-processing
> stuff.

> On Jun 10, 8:00 am, "wave connexion(BQ)" <waveconnex...@gmail.com>
> wrote:

> > sounds unreasonable...

> > On Tue, Jun 10, 2008 at 6:46 PM, Aral Balkan <aralbal...@gmail.com> wrote:

> > > I just blogged about this here:
> > >http://aralbalkan.com/1356

> > > Let's hope we get an answer from the good folks at Google.

> > > Aral

> > > On Jun 10, 11:23 am, Aral Balkan <aralbal...@gmail.com> wrote:
> > > > Wow, so they're actually blocking thePayPalURLs? That doesn't sound
> > > > like a "do no evil" policy to me. In fact, it is exactly the sort of
> > > > thing that people fear most about Google App Engine (that Google will
> > > > use their position of power to dictate what your applications can and
> > > > cannot access.)
> > > <snip>

> > --
> > BQ

> unfortunately Google are on it again... now it returns

> raise DownloadError()

> I guess they are blocking paypal at their gateway....

> hmmmm... so much for sharing :(

> On Jun 10, 2:22 pm, glenc <glen.coa...@gmail.com> wrote:

> > This is something that I had planned to integrate into my app too, so
> > knowing that Google is against it is a little worrying.  I'm hoping
> > this is a temporary restriction due to the beta-ness of AppEngine at
> > the moment and not a formal policy moving forward.  Ducking and diving
> > through redirects and so on is not the kind of confidence-inspiring
> > stuff you want to be looking at when building payment-processing
> > stuff.

> > On Jun 10, 8:00 am, "wave connexion(BQ)" <waveconnex...@gmail.com>
> > wrote:

> > > sounds unreasonable...

> > > On Tue, Jun 10, 2008 at 6:46 PM, Aral Balkan <aralbal...@gmail.com> wrote:

> > > > I just blogged about this here:
> > > >http://aralbalkan.com/1356

> > > > Let's hope we get an answer from the good folks at Google.

> > > > Aral

> > > > On Jun 10, 11:23 am, Aral Balkan <aralbal...@gmail.com> wrote:
> > > > > Wow, so they're actually blocking thePayPalURLs? That doesn't sound
> > > > > like a "do no evil" policy to me. In fact, it is exactly the sort of
> > > > > thing that people fear most about Google App Engine (that Google will
> > > > > use their position of power to dictate what your applications can and
> > > > > cannot access.)
> > > > <snip>

> > > --
> > > BQ

> You mean it doesn't work even with a redirect now?

> On Jun 10, 3:02 pm, pdp <pdp.gnuciti...@googlemail.com> wrote:

> > unfortunately Google are on it again... now it returns

> > raise DownloadError()

> > I guess they are blockingpaypalat their gateway....

> > hmmmm... so much for sharing :(

> > On Jun 10, 2:22 pm, glenc <glen.coa...@gmail.com> wrote:

> > > This is something that I had planned to integrate into my app too, so
> > > knowing that Google is against it is a little worrying.  I'm hoping
> > > this is a temporary restriction due to the beta-ness of AppEngine at
> > > the moment and not a formal policy moving forward.  Ducking and diving
> > > through redirects and so on is not the kind of confidence-inspiring
> > > stuff you want to be looking at when building payment-processing
> > > stuff.

> > > On Jun 10, 8:00 am, "wave connexion(BQ)" <waveconnex...@gmail.com>
> > > wrote:

> > > > sounds unreasonable...

> > > > On Tue, Jun 10, 2008 at 6:46 PM, Aral Balkan <aralbal...@gmail.com> wrote:

> > > > > I just blogged about this here:
> > > > >http://aralbalkan.com/1356

> > > > > Let's hope we get an answer from the good folks at Google.

> > > > > Aral

> > > > > On Jun 10, 11:23 am, Aral Balkan <aralbal...@gmail.com> wrote:
> > > > > > Wow, so they're actually blocking thePayPalURLs? That doesn't sound
> > > > > > like a "do no evil" policy to me. In fact, it is exactly the sort of
> > > > > > thing that people fear most about Google App Engine (that Google will
> > > > > > use their position of power to dictate what your applications can and
> > > > > > cannot access.)
> > > > > <snip>

> > > > --
> > > > BQ

> Hi,

> Thanks for the report! This is a bug, and we have located the problem.
> There was an error in our anti-phishing protections that was blocking
> some specific URL domains from being fetched using the URLFetch
> service. This was an oversight on our part, and these specific domain
> restrictions will be removed in the next few days.

> Thanks,
> Marzia

> On Jun 10, 7:06 am, peterk <peter.ke...@gmail.com> wrote:

> > You mean it doesn't work even with a redirect now?

> > On Jun 10, 3:02 pm, pdp <pdp.gnuciti...@googlemail.com> wrote:

> > > unfortunately Google are on it again... now it returns

> > > raise DownloadError()

> > > I guess they are blockingpaypalat their gateway....

> > > hmmmm... so much for sharing :(

> > > On Jun 10, 2:22 pm, glenc <glen.coa...@gmail.com> wrote:

> > > > This is something that I had planned to integrate into my app too, so
> > > > knowing that Google is against it is a little worrying.  I'm hoping
> > > > this is a temporary restriction due to the beta-ness of AppEngine at
> > > > the moment and not a formal policy moving forward.  Ducking and diving
> > > > through redirects and so on is not the kind of confidence-inspiring
> > > > stuff you want to be looking at when building payment-processing
> > > > stuff.

> > > > On Jun 10, 8:00 am, "wave connexion(BQ)" <waveconnex...@gmail.com>
> > > > wrote:

> > > > > sounds unreasonable...

> > > > > On Tue, Jun 10, 2008 at 6:46 PM, Aral Balkan <aralbal...@gmail.com> wrote:

> > > > > > I just blogged about this here:
> > > > > >http://aralbalkan.com/1356

> > > > > > Let's hope we get an answer from the good folks at Google.

> > > > > > Aral

> > > > > > On Jun 10, 11:23 am, Aral Balkan <aralbal...@gmail.com> wrote:
> > > > > > > Wow, so they're actually blocking thePayPalURLs? That doesn't sound
> > > > > > > like a "do no evil" policy to me. In fact, it is exactly the sort of
> > > > > > > thing that people fear most about Google App Engine (that Google will
> > > > > > > use their position of power to dictate what your applications can and
> > > > > > > cannot access.)
> > > > > > <snip>

> > > > > --
> > > > > BQ

> good

> Thanks for responding and fixing this so quickly, Marzia! :)

> I've updated my blog post with your comment, btw.

> Aral