Description of a situation:
We have 2 sites: company.com and shop.company.com. shop.company.com is a Shopify site, company.com is an independent site on Zend framework.
On shop.company.com we have product details page, cart and checkout. On company.com we have various products lists (catalog, recommendations, etc). Currently our customers can add product to cart only from product details page that is located on Shopify based site. But we want to add ability of adding products to cart also from products lists that is located on company.com that is not Shopify site.
We are using AJAX Cart API for this. And it works for shop.company.com, but not for company.com because of CORS restrictions.
1. I tried to solve this using AWS API Gateway as proxy and I was succeed, but I still have issue with cookies. I created a proxy server shop-api.company.com and it works as expected except one point - browser don't send cookie secure_customer_sig, because it was set for shop.company.com. So, our proxy must be located on shop.company.com domain only, but it's impossible.
Seems that the last solution should work, but I want to ask you - may be we have more simple option to reach this? May be with private app or we can allow CORS for our domain somehow...
I tried to implement options 2 and 3.
2. Shopify buy button creates it's own cart on company.com that is independent from cart on shop.company.com. But we want to have a single cart that will work for both sites: company.com and shop.company.com
3. iframe doesn't work because shopify has header x-frame-options: deny for all it's pages.
After testing last options seems that this is impossible. Do we have any other options?