FROM CACHE - en_header
New Shopify Certification now available: Liquid Storefronts for Theme Developers

Billing Redirect in APP (PHP)

Solved
sebastiandev
Shopify Partner
43 1 12
‎03-31-2023 08:28 AM

I am creating a new app using PHP (Symfony) and React, taking inspiration from the Laravel APP located at https://github.com/Shopify/shopify-app-template-php. However, I am facing a specific issue and do not have any idea what the problem might be.

When I click on the URL in the console after calling npm run dev, everything works great and I am redirected to the Shopify Charge Confirmation page. However, the problem occurs when I open the app in the Admin panel, and the current installation does not have an active charge. Then I notice a strange behavior:

  1. I click on the app name to open it.
  2. I see a request to my app in the console: https://xxx.ngrok.io/?embedded=1&hmac=...&host=...&locale=en-US&session=...&shop=...&timestamp=16802...
  3. In the response, I can see a redirect 302 to the charge page: https://xxx.com/admin/charges/X/Y/RecurringApplicationCharge/confirm_recurring_application_charge?si......
  4. I can see an empty page (my app is not loaded) and an error in the console: "Refused to load https://xyz.myshopify.com/admin/auth/login because it does not appear in the frame-ancestors directive of the Content Security Policy."

I don't have any idea how to fix this issue.

Labels:
1,031 Views
0 Likes
Report
Accepted Solution (1)
okur90
Shopify Partner
126 20 16
‎04-01-2023 02:33 AM

This is an accepted solution.

The issue you're experiencing is related to Shopify's Content Security Policy (CSP). When you try to load the charge confirmation page within the Shopify admin panel, it's being blocked due to the CSP restrictions.

 

To fix this issue, you should handle the billing process in a way that it opens in a new window or a full-page redirect, rather than within the embedded app frame.

 

When the app is loaded and you detect that there's no active charge, send a message from the app frontend (React) to the backend (PHP Symfony) to initiate the billing process.

 

In your PHP Symfony backend, create a route that handles the billing process. This route should redirect the user to the charge confirmation page with a full-page redirect, instead of returning a 302 redirect.

 

In your React frontend, listen for the response from the backend and use the `window.top.location.href` property to perform the full-page redirect. This will open the charge confirmation page in the parent window, bypassing the CSP restrictions.

 

// Receive the response from your backend containing the charge confirmation URL
const chargeConfirmationUrl = response.data.url;

// Perform the full-page redirect
window.top.location.href = chargeConfirmationUrl;

 

You can avoid the CSP issue with this approach and allow users to see the charge confirmation page without any errors.

Code Slingin, Pixel Wranglin - Laugh it up at onlinex.com.au

View solution in original post

993 Views
Report
Replies 2 (2)
okur90
Shopify Partner
126 20 16
‎04-01-2023 02:33 AM

This is an accepted solution.

The issue you're experiencing is related to Shopify's Content Security Policy (CSP). When you try to load the charge confirmation page within the Shopify admin panel, it's being blocked due to the CSP restrictions.

 

To fix this issue, you should handle the billing process in a way that it opens in a new window or a full-page redirect, rather than within the embedded app frame.

 

When the app is loaded and you detect that there's no active charge, send a message from the app frontend (React) to the backend (PHP Symfony) to initiate the billing process.

 

In your PHP Symfony backend, create a route that handles the billing process. This route should redirect the user to the charge confirmation page with a full-page redirect, instead of returning a 302 redirect.

 

In your React frontend, listen for the response from the backend and use the `window.top.location.href` property to perform the full-page redirect. This will open the charge confirmation page in the parent window, bypassing the CSP restrictions.

 

// Receive the response from your backend containing the charge confirmation URL
const chargeConfirmationUrl = response.data.url;

// Perform the full-page redirect
window.top.location.href = chargeConfirmationUrl;

 

You can avoid the CSP issue with this approach and allow users to see the charge confirmation page without any errors.

Code Slingin, Pixel Wranglin - Laugh it up at onlinex.com.au
994 Views
Report
In response to okur90
sebastiandev
Shopify Partner
43 1 12
‎04-10-2023 02:29 PM

thanks for you help.

795 Views
0 Likes
Report
Top Contributors
View all
Community Browser

Community Blog Articles

Jasonh_0-1701799488302.png
Community Connect: November Recap

Transform this holiday season into a shopping spree. Plus, learn how to effortlessly open ...

By Jasonh Dec 8, 2023
cropped-shutterstock_2285098703.jpg
Donations Before Discounts: The Greatest Incentive

Make the shift from discounts to donations, and witness your business not only thrive fina...

By Holly Dec 4, 2023
cropped-SYSO-okt23-GROW.png
Unlocking the Secrets of E-commerce Success: An Exclusive Interview with SY...

On our Shopify Expert Marketplace, you can find many trusted third party developers and fr...

By Arno Nov 27, 2023
Terms of Service Privacy Policy