We have an embedded admin app that has suddenly stopped working without any changes to the underlying code.
The app allows our client to impersonate customers. From Shopify our app (which is just an api endpoint) takes in a customers hmac, id, locale, session, shop, and timestamp. The app returns a 301 with a correct location header.
Copying the location header into a browser or using the app on the store front end and manually going to that location works as expected.
The issue is that in the embedded app the redirect never happens.
Is there anyway to get this redirect to work in the embedded admin app?
Did this stop working in all browsers at the same time? I'm not aware of any changes that would've caused this, but there's a few things we can check.
First please provide the name of your app, I'll install it and test in my browser.
Yes this is no longer working in any tested browser (Chrome, FireFox, Edge, Safari).
"Impersonate Customer (Dolfin)" is the name of our unpublished app.
Ideally we don't want the redirect to escape the iframe. It should just serve the page within the admin UI.
An update, I've found that one of our apps is functioning correctly now but on other sites the redirect still does not happen and I'm getting a multipass error when I try to directly access the location header url.
"Your Multipass request token has already been used before in another session"
On another note I've also the checked the same request url being send to our api from the app and it is correctly taking in the information and redirecting to the proper customer page without error. The only real issue is that this is not working within the admin UI.