Upgrade Shopify Ruby App Gem v18.1.1 warning

jschulz · ‎02-16-2022

Hello,

Just got an email from Shopify today that says we are using an outdated version of the Ruby App Gem. We don’t actually use the Ruby App Gem at all. It claims we are making outdated calls to the EASDK. We migrated to AppBridge 2.0 months ago.

How do I find out what is causing this issue? I viewed the recommended guide linked in the email and all it says is:

Version 18.1.1 replaces the deprecated EASDK redirect with an App Bridge redirect when attempting to break out of an iframe. This happens when an app is installed, requires new access scopes, or re-authentication because the login session is expired.

How can I pinpoint the root cause of why Shopify thinks we are using the EASDK still? AFAIK we are doing that…

jschulz · ‎02-25-2022

Ok everybody,

This just in...so the deprecated call in question (in my case) was this:

Shopify.API.remoteRedirect

In our case, we were still using that in a couple of EJS routes for pages that are linked to from outside the main (React + Express) app (ie through our App Extensions for admin and bulk admin links). A illustrate a more complete example for you, were using a snippet of code modeled to us from back in the EASDK days when we first wrote the app:

// Redirect to Orders page in Shopify Admin
document.getElementById('back-to-orders').onclick = function() {
  if (window.top == window.self) {
    // If the current window is the 'parent', change the URL by setting location.href
    window.top.location.href = '<%- shopifyUrl %>/admin/orders';
  } else {
    // If the current window is the 'child', change the parent's URL with postMessage
    message = JSON.stringify({
      message: 'Shopify.API.remoteRedirect',
      data: { location: '<%- shopifyUrl %>/admin/orders' }
    });
    window.parent.postMessage(message, '<%- shopifyUrl %>');
  }
};

The Shopify support specialist informed us that this is deprecated and using it makes it look like:

"This call is coming from an old shopify-app gem or koa-shopify-auth library for Node apps. Please update the library appropriate to your app and this will fix the issue and your app won't be removed for this reason."

So if you are currently using this old method for detecting being inside the Shopify embedded app iframe, be sure to stop using it...if you don't want to be de-listed from the app store. Luckily for us, that's not an important part of our app, simply a convenience feature. I believe it will function just fine without the postMessage call in any case.

Good luck to all and I hope this helps.

View solution in original post

danidaryaweesh · ‎02-16-2022

Hi, we got the exact same email and we are also using version 2.0.3 of Appbridge.

malluAppMaker · ‎02-16-2022

HI,

Me too got the same email. Looking for a solution.

Trace96 · ‎02-16-2022

Me too, I've just received this mail this morning.
Any solution for this?

Galmis · ‎02-17-2022

I received the same warning yesterday, using app bridge 2.0.5. The apps listed in the warning are fairly new (created in mid 2021 or later) and were created as nodejs apps via Shopify cli. So, I don't think they ever used EASDK.

I've done text search in the affected projects and couldn't find anything with "easdk", "ruby" or "gem" in them. Not sure how to work around this or if the warning is safe to ignore.

Trace96 · ‎02-17-2022

So, did you mail to them?

jschulz · ‎02-17-2022

@Trace96 Yes, support asked me to confirm my store info and I'm waiting to hear back what they found. Nothing yet.

jschulz · ‎02-17-2022

I actually just started a chat with Partner Support. They are escalating to a ticket. I'll keep you all posted as to the cause and/or any resolution.

Trace96 · ‎02-17-2022

Hi @jschulz,
Waiting for your solution, thank you!

jschulz · ‎02-22-2022

A quick update for all who are looking for resolution as I am...

I just got a reply from a Partner Support Specialist in response to the Shopify Partner Support chat I started last week. She told me they've checked my app for deprecated calls and found that there had not been any deprecated calls for over 5 months, so she is not sure why I have received the warning email from the team. She also expressed that she is reaching out to the internal team to discuss this and find out what she can for me.

Hopefully will hear something helpful soon.

danidaryaweesh · ‎02-22-2022

Thanks for the update! It sounds like the emails might have been sent out by misstake to some of us.

jschulz · ‎02-24-2022

Well sports fans...

The latest I've been told is that now they believe the email could have been generated because the koa-shopify-auth library will be updated soon and we will need to update our dependency to use the latest version and that they will be sending out communications when the library is updated. And at that time, we will need to update to the latest version.

However, I've communicated to them that this makes me nervous as well because we don't use the koa-shopify-auth library either. It's an unnecessary dependency for our workflow as the app was already written with Express and it would be a substantial refactor for us to change that at this point. And it would be redundant to install both...and we are trying to keep the app as lean as possible for the best performance for our users.

With regard to Shopify auth, we are just implementing the OAuth2 flow ourselves to get the access token the first time, storing it, and then decoding the JWT for manually to secure all other requests.

Here's to hoping that they can give us actual reassurance as to what is causing the problem and that we don't have anything to worry about!

🤞🏻

danidaryaweesh · ‎02-24-2022

Yea that is really worrying since we are not using the koa-shopify-auth library either...

danidaryaweesh · ‎02-25-2022

I'm also getting the warning now in my Shopify Partners panel for the first time

jschulz · ‎02-25-2022

Ok everybody,

This just in...so the deprecated call in question (in my case) was this:

Shopify.API.remoteRedirect

In our case, we were still using that in a couple of EJS routes for pages that are linked to from outside the main (React + Express) app (ie through our App Extensions for admin and bulk admin links). A illustrate a more complete example for you, were using a snippet of code modeled to us from back in the EASDK days when we first wrote the app:

// Redirect to Orders page in Shopify Admin
document.getElementById('back-to-orders').onclick = function() {
  if (window.top == window.self) {
    // If the current window is the 'parent', change the URL by setting location.href
    window.top.location.href = '<%- shopifyUrl %>/admin/orders';
  } else {
    // If the current window is the 'child', change the parent's URL with postMessage
    message = JSON.stringify({
      message: 'Shopify.API.remoteRedirect',
      data: { location: '<%- shopifyUrl %>/admin/orders' }
    });
    window.parent.postMessage(message, '<%- shopifyUrl %>');
  }
};

The Shopify support specialist informed us that this is deprecated and using it makes it look like:

"This call is coming from an old shopify-app gem or koa-shopify-auth library for Node apps. Please update the library appropriate to your app and this will fix the issue and your app won't be removed for this reason."

So if you are currently using this old method for detecting being inside the Shopify embedded app iframe, be sure to stop using it...if you don't want to be de-listed from the app store. Luckily for us, that's not an important part of our app, simply a convenience feature. I believe it will function just fine without the postMessage call in any case.

Good luck to all and I hope this helps.

danidaryaweesh · ‎02-25-2022

Thanks for sharing the tip! We also have that in our app. Do you have any suggestions for what to use instead of window.parent.postMessage? Appreciate any help here.

jschulz · ‎02-25-2022

Well, for our use case it's not that crucial because they are only on pages outside our main (React + Express) app. We only used them on Admin Link and Bulk Admin Link app extensions...but we've simply removed the embedded app check and and just changed those back buttons to change the window.top.location.href instead of utilizing the postMessage to redirect them. It should work fine for our needs but it's not the end of the world if it doesn't.

danidaryaweesh · ‎02-25-2022

Thanks will explore that. Just to be sure here, so the window.parent.postMessage is the issue here right? removing that should remove the warning right?

jschulz · ‎02-25-2022

@danidaryaweesh wrote:
Thanks will explore that. Just to be sure here, so the window.parent.postMessage is the issue here right? removing that should remove the warning right?

@danidaryaweesh Yes and No, the issue is that using this deprecated call is not allowed:

Shopify.API.remoteRedirect

You can technically use postMessage calls, that's valid HTML spec...but don't use the old EASDK (Shopify.API.xxxxx).

Make sense?

danidaryaweesh · ‎02-25-2022

Yes I understand now, but when I removed the Shopify.API.remoteRedirect, then our app stopped working. Is there anything that I can substitute Shopify.API.remoteRedirect with to get the app working, or do I have to re-implement the entire function?

danidaryaweesh · ‎02-26-2022

@jschulz Thanks a lot for the help! We finally managed to remove Shopify.API.xxxx and got the app to work. But as far as I know, it would take 10 days until the warning message disappears if the app doesn't call any deprecated API during that time.

jschulz · ‎03-02-2022

@danidaryaweesh wrote:
@jschulz Thanks a lot for the help! We finally managed to remove Shopify.API.xxxx and got the app to work. But as far as I know, it would take 10 days until the warning message disappears if the app doesn't call any deprecated API during that time.

That's correct @danidaryaweesh . However, I can tell you that I just checked with the support specialist I've been in communication with and, after asking her to check if she's seen any new deprecated calls since I've made the change, she was able to confirm that there were no more deprecated calls after the change. So if you've removed that Shopify.API.remoteRedirect you should be good to go 😊.

danidaryaweesh · ‎03-02-2022

I can confirm the same when I asked Shopify support!

jschulz · ‎02-17-2022

@Trace96 Not yet, please share if you find one.

Upgrade Shopify Ruby App Gem v18.1.1 warning

Shopify Community

Support

Shopify

Quick Links