Lazy Question. When OAuth goes CSRF fail, what was the solution?


So my logs were suddenly OAuth Failed, CSRF

No rhyme no reason, just failing... so I jammed a quick

     provider_ignores_state: true

in my OAuth config block and things worked again. Of course that is a security thing, but I am not terribly worried as this is a single-client, very specialized app, not some public behemoth. So my question is, when you start seeing that OAuth fail again... what is causing that? Something changed? This is Shopify API library 9.2 and latest Rack, with all the fixes for the Chrome SameSite cookie.

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com

Never mind. I went back to allowing state, as it all works. Was actually a bug in a different part of the OAuth flow causing the catch-all-because-this-has-never-really-been-fleshed-out-well CSRF error. Was actually a cookie problem.

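An added example, not part of the original posts and not the code of OmniAuth or the Shopify API library: a simplified Ruby model of the OAuth `state` check that reports separately whether the session copy of the state was missing (the cookie-problem case described above) or the returned value did not match, and shows that an ignore-state setting such as `provider_ignores_state: true` skips the check entirely. All method names, the session key and the sample values are hypothetical and constructed for illustration.

```ruby
require "securerandom"

# Simplified model of the OAuth2 state check (hypothetical names, not library code).
# `session` is a plain Hash standing in for the cookie-backed Rack session.

# Request phase: issue a random state, keep a copy in the session, send it to the provider.
def start_oauth(session)
  session["oauth.state"] = SecureRandom.hex(24)
end

# Constant-time string comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Callback phase: classify the outcome instead of raising one catch-all CSRF error.
def check_callback(session, params, ignore_state: false)
  return :ok_state_ignored if ignore_state         # no CSRF protection on the callback
  expected = session.delete("oauth.state")         # one-time use
  returned = params["state"].to_s
  return :session_state_missing if expected.nil?   # session cookie did not come back
  return :state_param_missing if returned.empty?
  return :state_mismatch unless secure_compare(expected, returned)
  :ok
end

# Constructed scenarios covering each outcome.
def demo
  r = {}
  s = {}
  state = start_oauth(s)
  r[:normal] = check_callback(s, { "state" => state })
  r[:replayed] = check_callback(s, { "state" => state })   # state already consumed
  # Cookie lost: the callback arrives with an empty session but a valid state parameter.
  r[:cookie_lost] = check_callback({}, { "state" => start_oauth({}) })
  s = {}
  start_oauth(s)
  r[:forged] = check_callback(s, { "state" => "not-the-issued-value" })
  r[:ignored] = check_callback({}, { "state" => "not-the-issued-value" }, ignore_state: true)
  r
end

demo.each { |name, outcome| puts "#{name}: #{outcome}" } if __FILE__ == $PROGRAM_NAME
```

Logging the distinct outcome at the callback makes a lost session cookie visible as `session_state_missing` rather than as a generic CSRF failure, so the state check can stay enabled while the cookie issue is tracked down.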