
Comments (22)

jhaineymilevis avatar jhaineymilevis commented on June 10, 2024 1

@nikwen no solutions in any post

from laravel-shopify.

abimwaqas avatar abimwaqas commented on June 10, 2024 1

> Hi, I have same problem and I also saw the discord of LaravelShopify, and Vicky pointed a solution maybe? https://discord.com/channels/1027205492155617304/1027205493338427464/1034919275967819957 *this is invitation link to LaravelShopify discord: https://discord.gg/WRRqYgvg
>
> Could any maintainer take a look at this? 😒

Yeah my Apps are working fine. Just do not remove shopOrigin from App Bridge initialization

from laravel-shopify.

filipembcruz avatar filipembcruz commented on June 10, 2024 1

I created a quick fix to approve my app (it has been approved). I changed some files:

@ShirasuGyoza @developertester786 @jhaineymilevis

vendor\osiset\laravel-shopify\src\Traits\AuthController.php

    /**
     * Get session token for a shop.
     *
     * @return ViewView
     */
    public function token(Request $request)
    {
        $request->session()->reflash();
        $shopDomain = ShopDomain::fromRequest($request);
        $target = $request->query('target');
        $query = parse_url($target, PHP_URL_QUERY);
        $host = $request->query('host');

        $cleanTarget = $target;
        if ($query) {
            // remove "token" from the target's query string
            $params = Util::parseQueryString($query);
            $params['shop'] = $params['shop'] ?? $shopDomain->toNative() ?? '';
            // keep the request's own host when the target's query has none
            $host = $params['host'] ?? $host;
            unset($params['token']);

            $cleanTarget = trim(explode('?', $target)[0] . '?' . http_build_query($params), '?');
        } else {
            $params = ['shop' => $shopDomain->toNative() ?? ''];
            $cleanTarget = trim(explode('?', $target)[0] . '?' . http_build_query($params), '?');
        }

        $shop_domain = $shopDomain->toNative();

        if (!$request->has('host') && empty($request->get('host'))) {
            if (!empty($host)) {
                $request->merge(['host' => $host]);

                $shop_domain = base64_decode($host);
            }
        }

        return View::make(
            'shopify-app::auth.token',
            [
                'shopDomain' => $shop_domain,
                'target' => $cleanTarget,
            ]
        );
    }

vendor\osiset\laravel-shopify\src\resources\views\layouts\default.blade.php

      var app = createApp({
        apiKey: "{{ \Osiset\ShopifyApp\Util::getShopifyConfig('api_key', base64_decode(\Request::get('host'))) }}",
        shopOrigin: "{{ base64_decode(\Request::get('host')) }}",
        host: "{{ \Request::get('host') }}",
        forceRedirect: true,
      });

vendor\osiset\laravel-shopify\src\Traits\BillingController.php

    /**
     * Processes the response from the customer.
     *
     * @param int $plan The plan's ID.
     * @param Request $request The HTTP request object.
     * @param ShopQuery $shopQuery The shop querier.
     * @param ActivatePlan $activatePlan The action for activating the plan for a shop.
     *
     * @return RedirectResponse
     */
    public function process(
        int          $plan,
        Request      $request,
        ShopQuery    $shopQuery,
        ActivatePlan $activatePlan
    ): RedirectResponse {
        // Get the shop
        $shop = $shopQuery->getByDomain(ShopDomain::fromNative($request->query('shop')));
        if (!$request->has('charge_id')) {
            return Redirect::route(Util::getShopifyConfig('route_names.home'), [
                'shop' => $shop->getDomain()->toNative(),
                'host' => base64_encode($shop->getDomain()->toNative())
            ]);
        }
        // Activate the plan and save
        $result = $activatePlan(
            $shop->getId(),
            PlanId::fromNative($plan),
            ChargeReference::fromNative((int) $request->query('charge_id'))
        );

        // Go to homepage of app
        return Redirect::route(Util::getShopifyConfig('route_names.home'), [
            'shop' => $shop->getDomain()->toNative(),
            'host' => base64_encode($shop->getDomain()->toNative())
        ])->with(
            $result ? 'success' : 'failure',
            'billing'
        );
    }

vendor\osiset\laravel-shopify\src\Http\Middleware\VerifyShopify.php

    /**
     * Undocumented function.
     *
     * @param Request $request The request object.
     * @param Closure $next    The next action.
     *
     * @throws SignatureVerificationException If HMAC verification fails.
     *
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        // Verify the HMAC (if available)
        $hmacResult = $this->verifyHmac($request);

        // if ($hmacResult === false) {
        //     // Invalid HMAC
        //     throw new SignatureVerificationException('Unable to verify signature.');
        // }
        
       ...

from laravel-shopify.
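Added example, not part of filipembcruz's post or of the laravel-shopify code base: the quick fix above passes `base64_decode($host)` straight into `shopDomain` and `shopOrigin`, and comments out the rejection of a failed HMAC check. This PHP sketch keeps both checks in place; the function names, the sample values and the simplified HMAC message form (sorted `key=value` pairs joined by `&`) are assumptions.

```php
<?php
declare(strict_types=1);

// Decode `host` and accept only the two admin origins discussed in this thread.
function parseShopifyHost(string $host): ?array
{
    $decoded = base64_decode($host, true); // strict mode rejects non-base64 input
    $label = '[a-z0-9][a-z0-9-]{0,62}';
    $forms = [
        'legacy'  => "#\\A($label)\\.myshopify\\.com/admin\\z#",
        'unified' => "#\\Aadmin\\.shopify\\.com/store/($label)\\z#",
    ];
    foreach ($forms as $form => $re) {
        if ($decoded !== false && preg_match($re, $decoded, $m) === 1) {
            return ['form' => $form, 'handle' => $m[1], 'adminBase' => $decoded];
        }
    }
    return null; // anything else must not reach shopOrigin or a redirect target
}

// Assumed message form: all parameters except hmac, sorted by key, k=v joined by &.
function signQuery(array $query, string $secret): ?string
{
    unset($query['hmac']);
    ksort($query);
    if ($query !== array_filter($query, 'is_string')) {
        return null; // nested arrays are not signable in this sketch
    }
    $pairs = array_map(fn ($k, $v) => "$k=$v", array_keys($query), $query);
    return hash_hmac('sha256', implode('&', $pairs), $secret);
}

// null = no hmac sent, false = hmac sent but wrong, true = valid.
function checkHmac(array $query, string $secret): ?bool
{
    if (!isset($query['hmac'])) {
        return null;
    }
    $expected = signQuery($query, $secret);
    return is_string($query['hmac']) && $expected !== null
        && hash_equals($expected, $query['hmac']); // constant-time comparison
}

// Constructed sample request; the secret and shop are illustrative values.
$secret = 'example-secret';
$query = ['shop' => 'my-store.myshopify.com', 'timestamp' => '1700000000',
          'host' => base64_encode('admin.shopify.com/store/my-store')];
$query['hmac'] = signQuery($query, $secret);
var_dump(checkHmac($query, $secret), checkHmac(['hmac' => 'bad'] + $query, $secret));
var_dump(parseShopifyHost($query['host']), parseShopifyHost(base64_encode('example.org/admin')));
```

A caller would throw on a `false` result from `checkHmac`, as the commented-out branch in `VerifyShopify::handle` did, and treat a `null` from `parseShopifyHost` as a bad request instead of rendering it into the App Bridge config.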

jhaineymilevis avatar jhaineymilevis commented on June 10, 2024

Same problem, did you find any solution?

from laravel-shopify.

talktohenryj avatar talktohenryj commented on June 10, 2024

Yeah, I thought this would be a fix for the new URLs, but it's not for some reason.

        $response->headers->set(
            'Content-Security-Policy',
            "frame-ancestors https://$domain https://admin.shopify.com"
        );

from laravel-shopify.

apurbajnu avatar apurbajnu commented on June 10, 2024

This line of code works for me now. I have tried.

    $shop = Auth::user()->name;

    return response()
        ->view('welcome')
        ->header(
            'Content-Security-Policy',
            "frame-ancestors https://$shop https://admin.shopify.com"
        );

from laravel-shopify.
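Added example, not part of the comment above or of laravel-shopify: the snippet interpolates the shop name into the header value unchecked. This PHP sketch (hypothetical helper name, constructed inputs) emits the same policy only for a well-formed `*.myshopify.com` hostname and otherwise refuses framing.

```php
<?php
declare(strict_types=1);

function frameAncestorsFor(?string $shop): string
{
    // \A and \z anchor the whole string; `$` would also match before a trailing
    // newline, which has no place in a header value.
    $ok = is_string($shop)
        && preg_match('/\A[a-z0-9][a-z0-9-]{0,62}\.myshopify\.com\z/', $shop) === 1;
    if (!$ok) {
        // Unknown or malformed shop: deny framing rather than emit a broken policy.
        return "frame-ancestors 'none'";
    }
    return "frame-ancestors https://$shop https://admin.shopify.com";
}

// Constructed inputs: one valid shop, then values that would otherwise widen
// the policy (extra source, extra directive) or split the header line.
$samples = [
    'my-store.myshopify.com',
    'my-store.myshopify.com https://example.org',
    "my-store.myshopify.com; script-src *",
    "my-store.myshopify.com\r\nX-Injected: 1",
    null,
];
foreach ($samples as $shop) {
    echo json_encode($shop), ' => ', frameAncestorsFor($shop), PHP_EOL;
}
```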

talktohenryj avatar talktohenryj commented on June 10, 2024

> This line of code works for me now. I have tried.
>
>     $shop = Auth::user()->name;
>
>     return response()
>         ->view('welcome')
>         ->header(
>             'Content-Security-Policy',
>             "frame-ancestors https://$shop https://admin.shopify.com"
>         );

Thanks for this. I'm going to try this tomorrow.

Do you have a multi page app or single page?

from laravel-shopify.

jhaineymilevis avatar jhaineymilevis commented on June 10, 2024

Hi @talktohenryj, where do you put this code? I used it on the default route but it doesn't work.

from laravel-shopify.

talktohenryj avatar talktohenryj commented on June 10, 2024

> Hi @talktohenryj, where do you put this code? I used it on the default route but it doesn't work.

No, I didn't. @apurbajnu said he figured it out. I'm going to try his code tomorrow.

from laravel-shopify.

apurbajnu avatar apurbajnu commented on June 10, 2024

@jhaineymilevis, you need to use this with a default route. This one is working on my side.

from laravel-shopify.

CedricVleminckx avatar CedricVleminckx commented on June 10, 2024

The latest version of the package provides the Content security policy header on all routes, but this is not giving us this issue. Shopify says it is an issue with the app bridge configuration and the host parameter.

We also opened multiple support tickets to request a dev store on the new admin.shopify.com domain, but they say they can not help us. So there is no way for us to test this :(

This was the latest response from Shopify:
> when we tried to open that last request to your /authenticate/token path in a new browser tab, it takes us to the legacy/store domain and they are getting a 500 error from your app if they don’t remove that host value attached to the target parameter, which is for redirection after authenticating.

from laravel-shopify.

jhaineymilevis avatar jhaineymilevis commented on June 10, 2024

> @jhaineymilevis, you need to use this with a default route. This one is working on my side.

Yes, I did it, but it doesn't work.

from laravel-shopify.

CedricVleminckx avatar CedricVleminckx commented on June 10, 2024

@jhaineymilevis I tested this issue with a fresh laravel + osiset installation.

When you change the shopOrigin value to the new admin domain ex: admin.shopify.com/store/my-store in the AppBridge config in the vendor/osiset/laravel-shopify/src/resources/views/layouts/default.blade.php file, you will not get the error when the app was already authenticated.

This does not work when installing or reinstalling the app.

from laravel-shopify.

ShirasuGyoza avatar ShirasuGyoza commented on June 10, 2024

Hi, I have same problem and I also saw the discord of LaravelShopify, and Vicky pointed a solution maybe?
https://discord.com/channels/1027205492155617304/1027205493338427464/1034919275967819957
*this is invitation link to LaravelShopify discord: https://discord.gg/WRRqYgvg

Could any maintainer take a look at this? 😒

from laravel-shopify.

apurbajnu avatar apurbajnu commented on June 10, 2024

> > Hi, I have same problem and I also saw the discord of LaravelShopify, and Vicky pointed a solution maybe? https://discord.com/channels/1027205492155617304/1027205493338427464/1034919275967819957 *this is invitation link to LaravelShopify discord: https://discord.gg/WRRqYgvg
> >
> > Could any maintainer take a look at this? 😒
>
> Yeah my Apps are working fine. Just do not remove shopOrigin from App Bridge initialization

Thanks a lot. Finally it worked for me after adding shopOrigin.

from laravel-shopify.

ShirasuGyoza avatar ShirasuGyoza commented on June 10, 2024

@abimwaqas @apurbajnu Hi, I am still facing this issue. Could you tell me which code you modified?

from laravel-shopify.

talktohenryj avatar talktohenryj commented on June 10, 2024

from laravel-shopify.

apurbajnu avatar apurbajnu commented on June 10, 2024

Firstly, I use React, so I added `SHOPIFY_FRONTEND_ENGINE=REACT`. The token route is not needed, and the config should look like this: `const config = { apiKey, host, shopOrigin: shopOrigin, forceRedirect: true };`

from laravel-shopify.

developertester786 avatar developertester786 commented on June 10, 2024

>     $shop = Auth::user()->name;
>
>     return response()
>         ->view('welcome')
>         ->header(
>             'Content-Security-Policy',
>             "frame-ancestors https://$shop https://admin.shopify.com"
>         );

I am facing a similar issue in a Laravel app. I tried to use this with a default route, as @apurbajnu mentioned, in the routes/web.php file. But I am still getting the message "This app is outdated and will no longer function after Wednesday, September 6, 2023. Contact the app's developer to update the app."

Anyone found the solution for this? Please help!

from laravel-shopify.

abimwaqas avatar abimwaqas commented on June 10, 2024

@developertester786 frame-ancestors is for clickjacking. It has nothing to do with the outdated app message. Check the Shopify documentation for the host parameter which Shopify implemented. You need to pass the host parameter with the app-bridge initialization. In short, remove shopOrigin from default.blade.php inside the vendor folder. It might work.

from laravel-shopify.

jhaineymilevis avatar jhaineymilevis commented on June 10, 2024

@deepahir do you have an example approach for react use with this library?

from laravel-shopify.

kurakin-oleksandr avatar kurakin-oleksandr commented on June 10, 2024

@filipembcruz with your fix, after /api/authenticate/token, I'm redirected to /admin/admin/apps/API_KEY/api/authenticate/token. Which is not correct. Any help is appreciated

from laravel-shopify.
