Ive a read a lot of posts around this subject, but none of them have helped so far. Im building a custom app, it loads in the shopify apps section fine and works as it should. I have two pricing tiers, and so I I have a page where a user can see their current plan, and click on the other plan if they wish. Doing so generates a subscritpion charge link, and re-directs the user to the shopifyu confirmation window (breaking out of the frame). This works, most of the time. But Ive found that roughly every 4th attempt is failing. The user is successfully redirected and sees the details of the charge, they confirm and are redirected back to my app, but this redirect is failing sometimes. It only seems to happen if i go into the app and continually switch plans, but this has been enough for me to fail the review process.
From what I can see, when shopify redirects back to my app, its initialising the oAuth 1st step, this appears to be working - but it never calls my redirect url, instead I get this error
Refused to display 'https://xxxx.myshopify.com/admin/apps?app_id=xxxx&oauth_error=same_site_cookies' in a frame because it set 'X-Frame-Options' to 'deny'.
What i dont understand, is the URL its complaining about in the message, is of course a shopify URL. And i dont undestand why the process works a lot of the time without issue, but drops out occassionally.
From what Ive read it seems that this could be to do with how I break out of frames when I redirect to the charge, or it could be to do with response headers coming back from my app, but if thats the case why would the error be intermittant?
Ive coded my own custom logic to handle the oauth in a serverless way, so a lot of the standard docs dont offer much help, does anyone have any ideas?
If you're having trouble with the billing API, please provide an install link, or instructions so that I can replicate the issue on my end. Feel free to DM if necessary.