I am in the middle of creating a public app that is currently unlisted. To aid with development I make use of a local tunneling composer package by beyondcode called Expose. I prefer using this over ngrok as I get a choice of a subdomain without needing to pay for a licence.
Aside from successfully using an exposed URL for webhooks, I would also like to use it for an App Proxy, but I am having an issue with that at the moment.
For some peculiar reason, sending a request through to the App Proxy going to the Exposed URL returns a redirect to the Expose docs, which is the behaviour seen when you go to the root domain of the tunnel: sharedwithexpose.com.
My App Proxy set up is like so, including an example request:
Prefix and path: /apps/my-cool-app
Proxied URL: https://my-cool-app.sharedwithexpose.com/api/shopify
If I make a frontend request (on a Shopify storefront that has the app installed: development store with password enabled) to a known route on my API, for example:
/apps/my-cool-app/add (expected to be proxied to the above path: /api/shopify/add)
I get a response exactly like what would be expected if I was to visit sharedwithexpose.com. On the console and dashboard which logs requests to the server, there are no hits at all, so Shopify doesn't even try to hit the subdomain on that tunnel.
Let me know if more info is necessary, I think I covered all bases there.
EDIT: ngrok works, by the way, which is even more peculiar as that uses subdomains for tunneling too. I'd rather use expose if possible so I wanted to report it if anything.
As it turns out, there was a bug in Expose that was using another package to detect what the host of the request was. It was expecting the X_FORWARDED_HOST header to have a value similar to how the sharedwithexpose.com URLs are made but was actually the myshopify URL, so it redirected to the root domain as a fallback.
Fixes are being put in place to resolve this, but tl;dr: nothing to do with Shopify, the developers of Expose are aware of the issue and is getting fixed.