Alipay failed to verify the signature (sandbox test indicates fishing risk?) [original]

Link to the original text

Alipay PC Payment synchronization jump signature verification failed , The general reason is that many people will configure the Alipay public key in the configuration to the application public key, resulting in failure , This is not the reason why I directly exclude .

By printing the received parameters, some fishy things are found .

The signature verification fails because there is a parameter not related to payment in the received packet , This is the culprit s, Finally, it was found that it was used before TP, Replace the back with Laravel after nginx The configuration of is copied directly , The rewriting part is also used TP Configuration of , As a result, there is one more in the received data s Parameters , Just modify the rewriting part .

Before the change ：

location / {
            index  index.html index.htm index.php;
            if (!-e $request_filename) {
                        rewrite ^(.*)$ /index.php?s=/$1 last;
                        break;
                        }
            autoindex  off;
        }

  After modification ：

location / {
            index  index.html index.htm index.php;
            try_files $uri $uri/ /index.php?$query_string;
            autoindex  off;
        }

There's another problem , Sandbox test PC Prompt for fishing risk during payment

Open a new browser test directly