App Proxy Fails Due to CORS Errors In Theme Customizer

ShopDoctors
Excursionist
29 1 0

What is the problem?

I have a couple of public apps. It was brought to my attention that on some shops, the apps do not load inside the Theme Customizer.

 

Full Description / Reproducing the Problem

1. Have a test shop that has a read domain. The problem does not occur on shops that are only served on myshopify.com!

2. An app's JavaScript loads inside the iframe of the shop's storefront, generated inside the Theme Customizer.

     The iframe uses https://[shop_slug].myshopify.com, not the real domain!

3. The app makes a call to the /apps/[app_slug]/some-route app proxy route. 

4. The request is made to https://[shop_slug].myshopify.com/apps/[app_slug]/some-route - so far so good

5. Shopify's API automatically returns a 301 redirect to https://[REAL-SHOP-DOMAIN]/apps/[app_slug]/some-route - OK... but this would only work if CORS worked too.

6. The browser make an OPTIONS request to https://[REAL-SHOP-DOMAIN]/apps/[app_slug]/some-route - OK... my app is ready for it!

7. Shopify's API does NOT forward this to the app, instead it automatically responds with a 405 (Method not allowed)

Because the options request failed, no other API calls through the app proxy are allowed...

 

I have tested using a request method that would result in a 405 from the app's backend, and those have a different 405 error message - generated by the app.

The 405 error message in the CORS flow is coming from Shopify's backend, so nothing is even reaching the app.

 

Please advise!

0 Likes
ShopDoctors
Excursionist
29 1 0

Sorry about the typo. That was supposed to read "Have a test shop that has a real domain".

0 Likes
ShopDoctors
Excursionist
29 1 0

Any feedback? Is this a known problem? Is there any plan for resolving this? I need to update the shop owner who identified the problem.

Thank you in advance for any help!

0 Likes