Dedicated to the Hydrogen framework, headless commerce, and building custom storefronts using the Storefront API.
I would like to restrict access to checking out products on a store such that users can only buy from me if currently located in a specified location, for example New York. To be clear, I'm not trying to restrict shipping addresses as I want tourists and visitors to be able to purchase in the event their geolocation shows that they are in New York, as per our example.
I've already implemented such a thing with the Google Geolocation API as well as JQuery on my add product button, causing a redirect. However, I would like this on the entire checkout not product by product. Furthermore, because it's on the frontend, can't anyone tech savvy just spoof a location with JavaScript on their developer console? Ideally, I would like to implement a backend middleware for the sake of security, but there seems to be no way to extend Shopify like that. Even if there was such a thing, I'm still not sure how the geolocation would be determined without interference from the frontend.
@mbrahimi02 wrote:Furthermore, because it's on the frontend, can't anyone tech savvy just spoof a location with JavaScript on their developer console?
Yes. Even if you have money to burn you cannot beat that reality unless they are physically present somewhere you control, such as a convention or dynamic billboard|adspace.
You may need the carrier service api to reject orders during checkout, or possibly be on shopifyPlus with a either a modifed checkout template or checkoutscripts.
Contact paull.newton+shopifyforum@gmail.com for the solutions you need
Save time & money ,Ask Questions The Smart Way
Problem Solved? ✔Accept and Like solutions to help future merchants
Answers powered by coffee Thank Paul with a ☕ Coffee for more answers or donate to eff.org
In my honest opinion, I think the Shopify documentation is a little bit disorganized and too sparse in places. It's hard to find exactly what you need if it's even possible, and even if you manage to do some of the names of the APIs are too close to determine what you actually need. In any case, I looked into both of those and they don't really offer and real solutions from what I can gather. Again, my solution works but it's just really crude