POST to Products Returns Login Page

New Member
4 0 0

I am able to submit GET and PUT requests without any problem and everything was working great for months then, all of the sudden, when sending a POST request to create a new product, the response I get is a scripted HTML page redirecting me to a login page instead of the JSON response I am used to.  I scoured this forum extensively and the only thing I could find was Shopify tends to implement a security policy that redirets POST requests using basic authentication if there is a cookie in the header.  So I spent most of the day working on this and, eventually wrote a script that would query the request headers being sent to Shopify.  Turns out, there is no request header for "Cookie" being sent to shopify.  I am using WinHttpRequest on a Windows Server 2008 R2.  Has been working beautifully with the Shopify API for over a year now.  This same method is used for currently successful GET and PUT requests.  On a POST request I expect a 201 response with JSON but instead I get a 200 response with a javascript redirect to a shopify login page.

 

Here is my code.

 

Set objHttp = Server.CreateObject("Winhttp.WinhttpRequest.5.1")
v1 = objHttp.SetTimeouts(120000,120000,120000,120000)
v1 = objHttp.Open(httpMeth,urlRef,True)
v1 = objHttp.SetCredentials(ecomUserId,ecomPass,0)
v1 = objHttp.SetRequestHeader("Content-Type","application/json")
v1 = objHttp.Send(strJson)
v1 = objHttp.WaitForResponse(120)
httpStatus = objHttp.Status
httpResponse = objHttp.ResponseText

 

Store: rugbyfit.myshopify.com

0 Likes
Shopify Expert
9778 86 1524

Sure those no cookies being sent? That's the very likely cause here. You're really testing my memory - it's been a loooong time - but I feel like you can pass an param to the WinHttpSetOption function to remove them. If you're not doing that then cookies will be added automatically.

 

There's another approach if you need it but I'd look at the above first.

★ Winning Partner of the Build a Business competition. ★ http://freakdesign.com.au
1 Like
New Member
4 0 0

Jason, Well, I'm pretty sure.  I wrote a script on my server that inspects all of the request headers from a POST request and returns those back to the client.  This is located at www.myrugbyfit.com/rugbyportal/testheaders.asp which you can try if you want just so you can see what we're working with.  You will see all of the request headers that your browser is sending to our server, including any Cookies.

 

So, all I did was change the URL in my Shopify code to that test page so I could see what headers were being sent from my 2008R2 Server using WinHTTPRequest.5

 

Here is the code, notice the change in the URL to my test page but everything else is identical including the Content-Type and Authentication....

=======================================================

Set objHttp = Server.CreateObject("Winhttp.WinhttpRequest.5.1")
v1 = objHttp.SetTimeouts(120000,120000,120000,120000)
v1 = objHttp.Open("POST","http://www.myrugbyfit.com/rugbyportal/testheaders.asp",True)
v1 = objHttp.SetCredentials(ecomUserId,ecomPass,0)
v1 = objHttp.SetRequestHeader("Content-Type","application/json")
v1 = objHttp.Send(httpStr)
v1 = objHttp.WaitForResponse(120)

 

Here is the result which I believe are the only headers that Shopify should be receiving on our POST requests since I'm using the same code (only the URL changed)  so there are 6 Request Headers "Connection, Content-Length, Content-Type, Accept, Host, and User Agent" there's no Cookie header.

=======================================================

Connection: Keep-Alive
Content-Length: 1507
Content-Type: application/json; Charset=UTF-8
Accept: */*
Host: www.myrugbyfit.com
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

 

So, just for kicks, I added a Cookie Request Header to the code and, naturally, I did get the expected response.  Here's that code, note the addition of the Cookie header...

=====================================================================

Set objHttp = Server.CreateObject("Winhttp.WinhttpRequest.5.1")
v1 = objHttp.SetTimeouts(120000,120000,120000,120000)
v1 = objHttp.Open("POST","http://www.myrugbyfit.com/rugbyportal/testheaders.asp",True)
v1 = objHttp.SetCredentials(ecomUserId,ecomPass,0)
v1 = objHttp.SetRequestHeader("Content-Type","application/json")

v1 = objHttp.SetRequestHeader("Cookie","Message=Hello_Shopify_This_Cookie_Is_Intentional")

v1 = objHttp.Send(httpStr)
v1 = objHttp.WaitForResponse(120)

 

And here's the response from the test page....

=========================================================

Connection: Keep-Alive
Content-Length: 1507
Content-Type: application/json; Charset=UTF-8
Accept: */*

Cookie: Message=Hello_Shopify_This_Cookie_Is_Intentional
Host: www.myrugbyfit.com
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

 

So, looking at the first test, which is the actual code being used by our Shopify program only the URL changed, I'm inclined to say that our server is not sending a Cookie request header in our POST.  Is there any way you guys can see what's happening on your end.  Just to reiterate, all other requests GET and PUT are successful so authentication seems to be working.  And, we made no change in our code from one day to the next and this problem just cropped up this week without any changes to our server environment or code.

 

Let me know what you think please.  We're at a standstill here.

0 Likes
New Member
4 0 0

I would love to get some support here.  Is there another means to get support for my issue.  I have spent hours on the community forums, using information learned from that research to do my own investigating and we are at a standstill.  All other features are working fine GET and PUT requests.  However, POST requests are redirecting to a login page with 200 status instead of returning JSON with 201 status.  I'm told that sending cookies in the request can do this but we have verified that we are not sending cookies with our requests (see trailing posts).  If anyone can assist, that would be great!

 

Thanks!

0 Likes

Hi @Todd_Wunsch,

 

Did you manage to resolve this?

META - Shopify Experts
www.meta.co.uk
0 Likes

C# - quick workaround:

 

var httpClient = new HttpClient(new HttpClientHandler
{
     UseCookies = false
});

 

This turns off cookies - surprisingly this worked - and did confirm that the Http Client was enabling cookies as all our requests worked instantly from this point onwards.

Referenced Shopify update: https://community.shopify.com/c/API-Announcements/Shopify-now-prevents-HTTP-Basic-Auth-POST-requests...

META - Shopify Experts
www.meta.co.uk
0 Likes
New Member
3 0 0

i am having the same issue

0 Likes
New Member
3 0 0

Please help me out 

 

image.png

0 Likes