X_FORWARDED_FOR and X_REAL_IP header in application proxy no longer sending correct ip address

Andrew-Corknine · ‎12-06-2019

Starting today, a request to application proxy is no longer sending the correct IP address in the X_FORWARDED_FOR header or the X_REAL_IP header. Until today these headers contained it IP of request to the shopify page. As of today it seems these are containing shopify IP addresses.

These headers are still documented on https://help.shopify.com/en/api/guides/application-proxies

We had no notice of this change and it is causing a breaking change to our app. How can we reliably get the requesting users ip address from the request through an application proxy page.

Andrew-Corknine · ‎12-06-2019

Investigating the request it looks like I am now able to get the requesting user ip from the HTTP_CF_CONNECTING_IP header, however I need a way of getting this that does not change.

Can someone from Shopify let us know a reliable unchanging way to get this information going forward?

James154 · ‎12-10-2019

I'm having the same problem. HTTP_X_FORWARDED_FOR should have list of IP addresses. Now it has only 1 ip - that ip belongs to shopify.

I'm using app proxy, so I can't get user ip anymore.

_JB · ‎12-10-2019

Hey @James154 and @Andrew-Corknine,

Thanks for reporting this issue, our developers just shipped a fix which restores the expected IP in these headers, so you should be seeing the expected values now. Please don't hesitate to reach out if there are any questions.

JB | Solutions Engineer @ Shopify
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

X_FORWARDED_FOR and X_REAL_IP header in application proxy no longer sending correct ip address

Shopify Community

Support

Shopify

Quick Links