Upgrade Shopify Ruby App Gem v18.1.1 warning

Solved
jschulz
Shopify Partner
11 1 10

Hello,

 

Just got an email from Shopify today that says we are using an outdated version of the Ruby App Gem. We don’t actually use the Ruby App Gem at all. It claims we are making outdated calls to the EASDK.  We migrated to AppBridge 2.0 months ago.

How do I find out what is causing this issue?  I viewed the recommended guide linked in the email and all it says is:

Version 18.1.1 replaces the deprecated EASDK redirect with an App Bridge redirect when attempting to break out of an iframe. This happens when an app is installed, requires new access scopes, or re-authentication because the login session is expired.

How can I pinpoint the root cause of why Shopify thinks we are using the EASDK still?  AFAIK we are doing that…

Accepted Solution (1)

Accepted Solutions
jschulz
Shopify Partner
11 1 10

This is an accepted solution.

Ok everybody,

 

This just in...so the deprecated call in question (in my case) was this:

 

Shopify.API.remoteRedirect

 

In our case, we were still using that in a couple of EJS routes for pages that are linked to from outside the main (React + Express) app (ie through our App Extensions for admin and bulk admin links).  A illustrate a more complete example for you, were using a snippet of code modeled to us from back in the EASDK days when we first wrote the app:

 

// Redirect to Orders page in Shopify Admin
document.getElementById('back-to-orders').onclick = function() {
  if (window.top == window.self) {
    // If the current window is the 'parent', change the URL by setting location.href
    window.top.location.href = '<%- shopifyUrl %>/admin/orders';
  } else {
    // If the current window is the 'child', change the parent's URL with postMessage
    message = JSON.stringify({
      message: 'Shopify.API.remoteRedirect',
      data: { location: '<%- shopifyUrl %>/admin/orders' }
    });
    window.parent.postMessage(message, '<%- shopifyUrl %>');
  }
};

 

The Shopify support specialist informed us that this is deprecated and using it makes it look like:

 

"This call is coming from an old shopify-app gem or koa-shopify-auth library for Node apps. Please update the library appropriate to your app and this will fix the issue and your app won't be removed for this reason."

 

So if you are currently using this old method for detecting being inside the Shopify embedded app iframe, be sure to stop using it...if you don't want to be de-listed from the app store.  Luckily for us, that's not an important part of our app, simply a convenience feature.  I believe it will function just fine without the postMessage call in any case.

 

Good luck to all and I hope this helps.

View solution in original post

Replies 23 (23)
danidaryaweesh
Shopify Partner
9 0 9

Hi, we got the exact same email and we are also using version 2.0.3 of Appbridge. 

malluAppMaker
Shopify Partner
7 1 2

HI,

 

Me too got the same email. Looking for a solution.

Trace96
Tourist
3 0 3

Me too, I've just received this mail this morning.
Any solution for this?

Galmis
Shopify Partner
12 0 4

I received the same warning yesterday, using app bridge 2.0.5. The apps listed in the warning are fairly new (created in mid 2021 or later) and were created as nodejs apps via Shopify cli. So, I don't think they ever used EASDK.

 

I've done text search in the affected projects and couldn't find anything with "easdk", "ruby" or "gem" in them. Not sure how to work around this or if the warning is safe to ignore. 

Trace96
Tourist
3 0 3

So, did you mail to them?

jschulz
Shopify Partner
11 1 10

@Trace96   Not yet, please share if you find one.

jschulz
Shopify Partner
11 1 10

@Trace96  Yes, support asked me to confirm my store info and I'm waiting to hear back what they found.  Nothing yet.

jschulz
Shopify Partner
11 1 10

I actually just started a chat with Partner Support.  They are escalating to a ticket.  I'll keep you all posted as to the cause and/or any resolution.

Trace96
Tourist
3 0 3

Hi @jschulz,
Waiting for your solution, thank you!

jschulz
Shopify Partner
11 1 10

A quick update for all who are looking for resolution as I am...

 

I just got a reply from a Partner Support Specialist in response to the Shopify Partner Support chat I started last week.  She told me they've checked my app for deprecated calls and found that there had not been any deprecated calls for over 5 months, so she is not sure why I have received the warning email from the team.  She also expressed that she is reaching out to the internal team to discuss this and find out what she can for me.

 

Hopefully will hear something helpful soon.

danidaryaweesh
Shopify Partner
9 0 9

Thanks for the update! It sounds like the emails might have been sent out by misstake to some of us. 

jschulz
Shopify Partner
11 1 10

Well sports fans...

 

The latest I've been told is that now they believe the email could have been generated because the koa-shopify-auth library will be updated soon and we will need to update our dependency to use the latest version and that they will be sending out communications when the library is updated.  And at that time, we will need to update to the latest version.

 

However, I've communicated to them that this makes me nervous as well because we don't use the koa-shopify-auth library either. It's an unnecessary dependency for our workflow as the app was already written with Express and it would be a substantial refactor for us to change that at this point. And it would be redundant to install both...and we are trying to keep the app as lean as possible for the best performance for our users.

 

With regard to Shopify auth, we are just implementing the OAuth2 flow ourselves to get the access token the first time, storing it, and then decoding the JWT for manually to secure all other requests.

 

Here's to hoping that they can give us actual reassurance as to what is causing the problem and that we don't have anything to worry about!

 

🤞🏻

danidaryaweesh
Shopify Partner
9 0 9

Yea that is really worrying since we are not using the koa-shopify-auth library either...

danidaryaweesh
Shopify Partner
9 0 9

I'm also getting the warning now in my Shopify Partners panel for the first time

jschulz
Shopify Partner
11 1 10

This is an accepted solution.

Ok everybody,

 

This just in...so the deprecated call in question (in my case) was this:

 

Shopify.API.remoteRedirect

 

In our case, we were still using that in a couple of EJS routes for pages that are linked to from outside the main (React + Express) app (ie through our App Extensions for admin and bulk admin links).  A illustrate a more complete example for you, were using a snippet of code modeled to us from back in the EASDK days when we first wrote the app:

 

// Redirect to Orders page in Shopify Admin
document.getElementById('back-to-orders').onclick = function() {
  if (window.top == window.self) {
    // If the current window is the 'parent', change the URL by setting location.href
    window.top.location.href = '<%- shopifyUrl %>/admin/orders';
  } else {
    // If the current window is the 'child', change the parent's URL with postMessage
    message = JSON.stringify({
      message: 'Shopify.API.remoteRedirect',
      data: { location: '<%- shopifyUrl %>/admin/orders' }
    });
    window.parent.postMessage(message, '<%- shopifyUrl %>');
  }
};

 

The Shopify support specialist informed us that this is deprecated and using it makes it look like:

 

"This call is coming from an old shopify-app gem or koa-shopify-auth library for Node apps. Please update the library appropriate to your app and this will fix the issue and your app won't be removed for this reason."

 

So if you are currently using this old method for detecting being inside the Shopify embedded app iframe, be sure to stop using it...if you don't want to be de-listed from the app store.  Luckily for us, that's not an important part of our app, simply a convenience feature.  I believe it will function just fine without the postMessage call in any case.

 

Good luck to all and I hope this helps.

danidaryaweesh
Shopify Partner
9 0 9

Thanks for sharing the tip! We also have that in our app. Do you have any suggestions for what to use instead of window.parent.postMessage?  Appreciate any help here. 

jschulz
Shopify Partner
11 1 10

Well, for our use case it's not that crucial because they are only on pages outside our main (React + Express) app.  We only used them on Admin Link and Bulk Admin Link app extensions...but we've simply removed the embedded app check and and just changed those back buttons to change the window.top.location.href instead of utilizing the postMessage to redirect them.  It should work fine for our needs but it's not the end of the world if it doesn't.

danidaryaweesh
Shopify Partner
9 0 9

Thanks will explore that. Just to be sure here, so the window.parent.postMessage is the issue here right? removing that should remove the warning right? 

 

jschulz
Shopify Partner
11 1 10

@danidaryaweesh wrote:

Thanks will explore that. Just to be sure here, so the window.parent.postMessage is the issue here right? removing that should remove the warning right? 

 


@danidaryaweesh  Yes and No, the issue is that using this deprecated call is not allowed:

 

Shopify.API.remoteRedirect

 

You can technically use postMessage calls, that's valid HTML spec...but don't use the old EASDK (Shopify.API.xxxxx).

 

Make sense?