Comments (22)
@nikwen no solutions in any post
from laravel-shopify.
Hi, I have same problem and I also saw the discord of LaravelShopify, and Vicky pointed a solution maybe? https://discord.com/channels/1027205492155617304/1027205493338427464/1034919275967819957 *this is invitation link to LaravelShopify discord: https://discord.gg/WRRqYgvg
Could any maintainer take a look at this? π’
Yeah my Apps are working fine. Just do not remove shopOrigin from App Bridge initialization
from laravel-shopify.
I created a quick fix to approve my app (It has been approved). I change some files:
@ShirasuGyoza @developertester786 @jhaineymilevis
vendor\osiset\laravel-shopify\src\Traits\AuthController.php
/**
* Get session token for a shop.
*
* @return ViewView
*/
public function token(Request $request)
{
$request->session()->reflash();
$shopDomain = ShopDomain::fromRequest($request);
$target = $request->query('target');
$query = parse_url($target, PHP_URL_QUERY);
$host = $request->query('host');
$cleanTarget = $target;
if ($query) {
// remove "token" from the target's query string
$params = Util::parseQueryString($query);
$params['shop'] = $params['shop'] ?? $shopDomain->toNative() ?? '';
$host = $params['host'];
unset($params['token']);
$cleanTarget = trim(explode('?', $target)[0] . '?' . http_build_query($params), '?');
} else {
$params = ['shop' => $shopDomain->toNative() ?? ''];
$cleanTarget = trim(explode('?', $target)[0] . '?' . http_build_query($params), '?');
}
$shop_domain = $shopDomain->toNative();
if (!$request->has('host') && empty($request->get('host'))) {
if (!empty($host)) {
$request->merge(['host' => $host]);
$shop_domain = base64_decode($host);
}
}
return View::make(
'shopify-app::auth.token',
[
'shopDomain' => $shop_domain,
'target' => $cleanTarget,
]
);
}
vendor\osiset\laravel-shopify\src\resources\views\layouts\default.blade.php
var app = createApp({
apiKey: "{{ \Osiset\ShopifyApp\Util::getShopifyConfig('api_key', base64_decode(\Request::get('host'))) }}",
shopOrigin: "{{ base64_decode(\Request::get('host')) }}",
host: "{{ \Request::get('host') }}",
forceRedirect: true,
});
vendor\osiset\laravel-shopify\src\Traits\BillingController.php
/**
* Processes the response from the customer.
*
* @param int $plan The plan's ID.
* @param Request $request The HTTP request object.
* @param ShopQuery $shopQuery The shop querier.
* @param ActivatePlan $activatePlan The action for activating the plan for a shop.
*
* @return RedirectResponse
*/
public function process(
int $plan,
Request $request,
ShopQuery $shopQuery,
ActivatePlan $activatePlan
): RedirectResponse {
// Get the shop
$shop = $shopQuery->getByDomain(ShopDomain::fromNative($request->query('shop')));
if (!$request->has('charge_id')) {
return Redirect::route(Util::getShopifyConfig('route_names.home'), [
'shop' => $shop->getDomain()->toNative(),
'host' => base64_encode($shop->getDomain()->toNative())
]);
}
// Activate the plan and save
$result = $activatePlan(
$shop->getId(),
PlanId::fromNative($plan),
ChargeReference::fromNative((int) $request->query('charge_id'))
);
// Go to homepage of app
return Redirect::route(Util::getShopifyConfig('route_names.home'), [
'shop' => $shop->getDomain()->toNative(),
'host' => base64_encode($shop->getDomain()->toNative())
])->with(
$result ? 'success' : 'failure',
'billing'
);
}
vendor\osiset\laravel-shopify\src\Http\Middleware\VerifyShopify.php
/**
* Undocumented function.
*
* @param Request $request The request object.
* @param Closure $next The next action.
*
* @throws SignatureVerificationException If HMAC verification fails.
*
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
// Verify the HMAC (if available)
$hmacResult = $this->verifyHmac($request);
// if ($hmacResult === false) {
// // Invalid HMAC
// throw new SignatureVerificationException('Unable to verify signature.');
// }
...
from laravel-shopify.
same problem, did you found any solution?
from laravel-shopify.
Yea, I thought this would be a fix for the new URLs but its not for some reason.
$response->headers->set(
'Content-Security-Policy',
"frame-ancestors https://$domain https://admin.shopify.com"
);
from laravel-shopify.
This line of code works for me now. I have tried.
$shop = Auth::user()->name; return response() ->view('welcome') ->header( 'Content-Security-Policy', "frame-ancestors https://$shop https://admin.shopify.com");
from laravel-shopify.
This line of code works for me now. I have tried.
` $shop = Auth::user()->name;
return response() ->view('welcome') ->header( 'Content-Security-Policy', "frame-ancestors https://$shop https://admin.shopify.com");`
Thanks for this. I'm going to try this tomorrow.
Do you have a multi page app or single page?
from laravel-shopify.
hi @talktohenryj where do you put this code? i used it on default route but dont work
from laravel-shopify.
hi @talktohenryj where do you put this code? i used it on default route but dont work
No, I didn't @apurbajnu said he figured it out. I'm going to try his code tomorrow.
from laravel-shopify.
@jhaineymilevis, you need to use this with a default route. This one is working on my side. Image
from laravel-shopify.
The latest version of the package provides the Content security policy header on all routes, but this is not giving us this issue. Shopify says it is an issue with the app bridge configuration and the host parameter.
We also opened multiple support tickets to request a dev store on the new admin.shopify.com domain, but they say they can not help us. So there is no way for us to test this :(
This was the latest response from Shopify:
when we tried to open that last request to your /authenticate/token path in a new browser tab, it takes us to the legacy/store domain and They are getting a 500 error from your app if they donβt remove that host value attached to the target parameter, which is for redirection after authenticating.
from laravel-shopify.
@jhaineymilevis, you need to use this with a default route. This one is working on my side. Image
from laravel-shopify.
@jhaineymilevis I tested this issue with a fresh laravel + osiset installation.
When you change the shopOrigin value to the new admin domain ex: admin.shopify.com/store/my-store in the AppBridge config in the vendor/osiset/laravel-shopify/src/resources/views/layouts/default.blade.php file, you will not get the error when the app was already authenticated.
This does not work when installing or reinstalling the app.
from laravel-shopify.
Hi, I have same problem and I also saw the discord of LaravelShopify, and Vicky pointed a solution maybe?
https://discord.com/channels/1027205492155617304/1027205493338427464/1034919275967819957
*this is invitation link to LaravelShopify discord: https://discord.gg/WRRqYgvg
Could any maintainer take a look at this? π’
from laravel-shopify.
Hi, I have same problem and I also saw the discord of LaravelShopify, and Vicky pointed a solution maybe? https://discord.com/channels/1027205492155617304/1027205493338427464/1034919275967819957 *this is invitation link to LaravelShopify discord: https://discord.gg/WRRqYgvg
Could any maintainer take a look at this? π’Yeah my Apps are working fine. Just do not remove shopOrigin from App Bridge initialization
Thanks a lot. Finally it worked for me after adding shopOrigin.
from laravel-shopify.
@abimwaqas @apurbajnu hihi, I still facing this issue.. Could you tell me which code did you modify?
from laravel-shopify.
from laravel-shopify.
Firstly I use react. So I added SHOPIFY_FRONTEND_ENGINE=REACT
. Token router is not needed and config should look like this const config = { apiKey, host, shopOrigin:shopOrigin, forceRedirect: true };
from laravel-shopify.
$shop = Auth::user()->name; return response() ->view('welcome') ->header( 'Content-Security-Policy', "frame-ancestors https://$shop https://admin.shopify.com");
I am facing the similar issue in laravel app. I tried to use this with a default route as @apurbajnu mentioned in routes/web.php
file . But I am still getting This app is outdated and will no longer function after Wednesday, September 6, 2023. Contact the app's developer to update the app.
message.
Anyone found the solution for this? Please help!
from laravel-shopify.
@developertester786 frame-ancestors is for clickjacking. It has nothing to do with outdated app. Check shopify documentation for host parameter which shopify implemented. You need to pass host parameter with app-bridge initialization. In short remove shopOrigin from default.blade.php inside vendor folder. It might work.
from laravel-shopify.
@deepahir do you have an example approach for react use with this library?
from laravel-shopify.
@filipembcruz with your fix, after /api/authenticate/token
, I'm redirected to /admin/admin/apps/API_KEY/api/authenticate/token
. Which is not correct. Any help is appreciated
from laravel-shopify.
Related Issues (20)
- CSRF token mismatch error in POST call using Ajax HOT 1
- Osiset\ShopifyApp\Exceptions\MissingAuthUrlException HOT 4
- 17.2 In the package in which I am facing the problem 302 status, I send the request or delete the error value, this is a problem facing HOT 3
- App must set security headers to protect against clickjacking && App must verify the authenticity of the request from Shopify. HOT 10
- rest api HOT 6
- There was an error opening your app in the Shopify admin. Your embedded app is loading an invalid URL (17.2) HOT 21
- shopify appuinstalljob problem HOT 2
- Scope Re-approval HOT 2
- Missing host parameter on getConfig(api_key) call HOT 1
- ORDER_TRANSACTIONS_CREATE Webhook not register on shopify HOT 3
- No authenticated user or shop domain error on command call HOT 1
- How to update webhook URL's for old stores? HOT 2
- Alpine.js/Livewire and Power-Grid Authentication redirect hangup HOT 1
- MissingAuthUrlException (Missing auth url) HOT 3
- Auth:user->name and utils Issues while Upgrading v12.x to v17.x HOT 2
- "Shopify App Outdated" but running latest app bridge, osiset, etc HOT 29
- Approving recurring billing throws SignatureVerificationException using BLADE frontend_engine config HOT 8
- upgrading and downgrading plan got issue first time.. HOT 1
- App Extension Set up Issue HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from laravel-shopify.