Some browsers show a security warning when paypal (auto) returns a customer after payment to a non https page. This is quite annoying. The obvious solution that has been given was to get a https certificate.
I assume the trouble comes from paypal submitting form data on the return.
Is it is somehow possible to tell paypal to return the customer without any post/get data? Then the warning should not show up. Customer data coming in as post/get is not reliable anyway. In my case customer identification is not even necessary (a simple “thank you” would be enough) and can be done via the session anyway.
I realize this may be a question for a paypal support forum but I have not yet found the right place to go. 🙂
edit 2012-01-24:
while I think it is quite funny that the hack below works I found the official and much better solution by setting rm to 1:
from https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables#id08A6HI0709B
rm
Return method. The FORM METHOD used to send data to the URL specified by the return variable.
Allowable values are:
old hack:
using javascript I found a way to do it. I put some javascript code in the return URL that sends me home without the submit data.
$p->add_field(‘return’, “javascript:window.location = ‘http://mysite.com?p=thanks’;”);
paypal site needs javascript anyway.