Solved

App Proxy requests are missing the Referer header value?

Gregarican
Shopify Partner
1033 86 285

So for a few years now I have a Shopify App Proxy deployed. My proxied receiver evaluates the HMAC signature and also validates the Referer header value. To help ensure the request came through the proper route. I'd say that 90% of the time this works flawlessly. Yet I am seeing some failures. The HMAC signature is fine, but the proxied receiver isn't getting any Referer header value passed along. Is this known behavior, or perhaps is it something on the client that might be dropping this header value from appearing?

 

Looking closer at the web sessions, they aren't just initially landing on the Shopify page right off the bat. They are browsing and clicking through various pages on the Shopify site. So they should be sending along the Referer header values I'd imagine.

Accepted Solution (1)

Gregarican
Shopify Partner
1033 86 285

This is an accepted solution.

After testing out a few different ways, I can only assume it's something on the client's end. In terms of specific browser options that are manually being defined somewhere. Eliminating this Referer header value from being passed along.

 

At this point I'd consider this to be a client-side issue, so not much can be done on my end in that regard really. 

View solution in original post

Reply 1 (1)

Gregarican
Shopify Partner
1033 86 285

This is an accepted solution.

After testing out a few different ways, I can only assume it's something on the client's end. In terms of specific browser options that are manually being defined somewhere. Eliminating this Referer header value from being passed along.

 

At this point I'd consider this to be a client-side issue, so not much can be done on my end in that regard really.