Strange Redirect Loop In Safari and Firefox Only When Accessing My App

Solved
Highlighted
Tourist
6 1 0

 Strange redirect when accessing my app only on Safari and Firefox browsers. Not sure where it is coming from as its not related to any of the apps redirects. Anyone seen this before?

0 Likes
Highlighted
Shopify Staff
Shopify Staff
619 76 139

Hey @ScottAdrian,

 

Looks like the video is set to private so I'm not able to see it. Can you tell me the name of your app? We've received a few similar reports regarding this issue, so far the solution has been to update your app-bridge or koa-shopify-auth packages if you're using them. If you're not using these packages, can you confirm that your app uses the flow described in this article to escape the iframe before redirecting to oauth?

JB | Developer Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution 

0 Likes
Highlighted
Tourist
6 1 0

@_JB Sorry about that I made the video public. The app is called "ShareThis Share Buttons" https://apps.shopify.com/sharethis-share-buttons any help is appreciated. I can't find the issue.

0 Likes
Highlighted
Tourist
6 1 0

@_JB I have enabled App Bridge. My app redirects people to their admin and then if inside of an iframe it redirects to the main app admin page hosted by my site. I'm not doing anything with the shopify's oath redirect, but the app works fine in Chrome without all the redirects you see from the video.

0 Likes
Highlighted
Shopify Staff
Shopify Staff
619 76 139

Hey @ScottAdrian,

 

Which version of app bridge are you using?

JB | Developer Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution 

0 Likes
Highlighted
Tourist
6 1 0

@_JB I'm not sure. I just enabled  App bridge in "extensions". I'm not directly interacting the the app bridge. The only API calls I use are

oauth/access_token

and

/api/2019-10/script_tags.json

 

 

0 Likes
Highlighted
Shopify Partner
12 0 2

I think I have the same issue. In Chrome all seems to be right, and in Firefox I can`t open my app.

When I'm trying to open app in Firefox (73.0.1) I observe one of the two possible scenarios:

  • Endless login redirect loop as you described above
  • Firefox error message
    Blocked by Content Security Policy. An error occurred during a connection to nursery-dev-store.myshopify.com.

I've inspected network activity during this and discovered that it's different from Chrome.

 

In Chrome merchant redirected to my app's callback URL after authorisationIn Chrome merchant redirected to my app's callback URL after authorisationIn Firefox merchant redirected to login page and doesn't come back to app's callback anymoreIn Firefox merchant redirected to login page and doesn't come back to app's callback anymore

One of my hypothesis is that Firefox blocks some cookies, enforcing Shopify to login users.

I think those cookies are blockedI think those cookies are blocked

 

In my app I don't use ShopifyApp or AppBridge to authorize users. I just only redirect users to https://${shop}/admin/oauth/authorize and pass redirect_uri as a query parameter

0 Likes
Highlighted
Shopify Staff
Shopify Staff
619 76 139

Hey @mellon_collie,

 

We're investigating a few different reports of this issue. So far we've identified a few cases that were caused by the app redirecting to Shopify's OAuth URL from within the iframe, instead of escaping the frame first. 

 

When you redirect the user to Shopify's OAuth URL, this needs to happen at the parent level escaped from the iframe. Otherwise, the redirect will occur within the frame and will be blocked because the admin doesn't allow CORS. We have a guide here with the recommended auth flow.

 

Can you confirm if your app is already doing this? If not, you can implement the steps outlined in the guide, and please post back here to let us know how that worked out.

JB | Developer Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution 

0 Likes
Highlighted
Shopify Partner
7 0 1

We are getting the same issue, I'm using React+Node from the tutorial.

It keeps redirecting after we update my chrome browser to the latest version.

 

This is what I'm using in my app.js:

const config = {apiKey: API_KEY, shopOrigin: Cookies.get("shopOrigin"), forceRedirect:true};

 

If I let forceRedirect:false, it stop redirecting but the app displays outside the iframe in a new tab.

0 Likes
Tourist
6 1 0

Hey @_JB I DM'd you the code our app is using. Let me know if that helps.

0 Likes