Conversations about creating, managing, and using metafields to store and retrieve custom data for apps and themes.
I have a group of PHP scripts that interact with a handful of stores that sell our product. I import the orders, update tracking, and feed our inventory. These are all private apps that only run on our server.
Out of nowhere today, I started getting this error "{"errors":"For security reasons, requests using HTTP Basic Authentication cannot include cookies."}" when trying to use any POST requests (update tracking, inventory), I get this error.
I have no cookies that I am aware of, this is the CURL request for tracking:
$curl = curl_init();
curl_setopt_array($curl,[
CURLOPT_URL => $shopURL,
CURLOPT_RETURNTRANSFER=>1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_HTTPHEADER=>array(
"Content-Type: application/json",
"accept: application/json"
),
CURLOPT_POSTFIELDS=>$dataString
]);
//perform request
$result = curl_exec($curl);
Did something change? I can not find any changelog entries hinting at this, it just started for me around 11am EST 1/5/2020.
Yes, I think I just started seeing this too around 11 a.m. The server is responding with a 301 (which our code follows implicitly) that takes you to a weird login page. I can see the same cookie message in Postman, but the cookies dialog is empty and as far as I'm aware, no cookies are being sent.
Me too, I ran a similar test with postman and have the same result.
Well thank god it is not just me, is there an outlet for reporting these issues?
I'm seeing it as well. The replies for Shopify Support on Twitter are lit up with this issue.
Happening for us as well.
Yup, status page finally updated reporting this issue: https://www.shopifystatus.com
This issue now appears on the Shopify status page --> https://www.shopifystatus.com/incidents. Definitely a kink in the Matrix.
Yep, unable to POST to metafields or customers. Getting back and HTML page instead of the typical API JSON response.
Seeing the same here, working for months until about 2 hours ago, I was head scratching to see if I'd missed an API update that broke my code. I'm getting: "Error: For security reasons, requests using HTTP Basic Authentication cannot include cookies." - this was working fine, its resulting from trying to create a Customer (with metafields) via PHP
The status page indicates it's up again now. Haven't tried it yet, but that's what it says at least...
Just tried it there, and its working now again for me, thanks to whomever sorted it out!
Working for me as well again.
I'm curious if this was a future change accidentally rolled out too soon (and since reverted), thus I will need to make changes to my code at some point anyways?
For OP, something like this should clear out the cookies before a request:
curl_setopt( $ch, CURLOPT_COOKIELIST, 'ALL' );
But I'm not sure if the API did pass a Set-Cookie header, and the no-cookies rule was then being randomly enforced by the API, or what happened since it resolved before I could collect enough data from this inherited app.
The weird thing is that shopify said they made this change back in 2017:
I am guessing there was some code released that was incorrectly falsely flagging every request as having cookies, because the requests we were sending certainly did not have cookies but were still getting 301 redirected.
Thanks. I noticed that too for the change in 2017.
This private app didn't have explicit code to clear any cookies before the next API request, so I wasn't certain if it was possibly sending a cookie it received from the Shopify API, or not.
It has the code now to clear out any cookies before each request in the mean time, which hopefully is fine until this app can be rebuilt.
We have experienced the same issue on 12th Jan from 2.15.45 pm to 2:32:20 pm EST .Has anyone also experienced the same ?
I did not see this issue on the 12th personally
We are recently experiencing this issue for the first time. Thus far we only had it with post requests to the `/fulfillments.json` endpoint. We don't get errors on every request.
We double checked and determined that we don't send any cookies with the request. The issue occurred the last few days at the following times:
09-06-2021 16:37:54 CEST
09-06-2021 16:38:31 CEST
09-06-2021 19:23:33 CEST
09-06-2021 19:25:20 CEST
10-06-2021 07:39:10 CEST
10-06-2021 07:39:55 CEST
10-06-2021 08:56:17 CEST
Got same issue
Same issue 9/9/2021 when posting product images to /admin/api/2021-07/products/xxx/images.json
Can confirm we're getting this as well as of approximately 11am EST
I just had a confirmation from a Shopify Plus support agent that there is an issue with Admin API since around 2 hours.
See attached chat capture :
Guys any updates??? im having this issue. Does anyone has this issue?