Embedded admin app not redirecting on 301

Shopify Partner
3 0 0


We have an embedded admin app that has suddenly stopped working without any changes to the underlying code.

The app allows our client to impersonate customers. From Shopify our app (which is just an api endpoint) takes in a customers hmac, id, locale, session, shop, and timestamp. The app returns a 301 with a correct location header. 

Copying the location header into a browser or using the app on the store front end and manually going to that location works as expected. 

The issue is that in the embedded app the redirect never happens.

Is there anyway to get this redirect to work in the embedded admin app?

Shopify Staff
Shopify Staff
834 98 183

Hey @Benjamin_Waldro,

Did this stop working in all browsers at the same time? I'm not aware of any changes that would've caused this, but there's a few things we can check.

First please provide the name of your app, I'll install it and test in my browser. 

As well, can you confirm if you're using any javascript to perform the redirect, or is this just happening from the location header? Since the app is being served in an iframe, I wouldn't have expected the location redirect to escape the iframe, the best way to do this is with JS. If you haven't already, you might want to consider redirecting the user to another page in your app, and have that page perform the redirect using JS. 

JB | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

Shopify Partner
3 0 0

Hello @_JB 

Yes this is no longer working in any tested browser (Chrome, FireFox, Edge, Safari). 

"Impersonate Customer (Dolfin)" is the name of our unpublished app. 
We are not using javascript to perform the redirect just the location header from the 301. 

Ideally we don't want the redirect to escape the iframe. It should just serve the page within the admin UI.

An update, I've found that one of our apps is functioning correctly now but on other sites the redirect still does not happen and I'm getting a multipass error when I try to directly access the location header url. 

"Your Multipass request token has already been used before in another session"


On another note I've also the checked the same request url being send to our api from the app and it is correctly taking in the information and redirecting to the proper customer page without error. The only real issue is that this is not working within the admin UI.