Customer Account API doesn't support the use of localhost or any http based URL

Nazaire

I want to express my pain for this limitation Shopify has imposed on developers.

Shopify doesn't support the use of localhost or any http based URL due to security concerns. For development purposes, we recommend using a tunnelling service, such as ngrok.

Original Link 


I've never come across this on an application before and it's a real pain. Even auth providers like Auth0 / Kinde will allow http / localhost callbacks. What is the security concern when the URLs can only be set through the admin panel??

 

Because of this limitation, to locally develop with the new Customer Account API, the entire application has to be proxied through an HTTPS tunneller.  

 

Requiring a tunnelling service for local development adds an additional cost to the developer for building storefronts. Current providers like ngrok offer personal plans up to 5GB/mo bandwidth for $10 / month. Even on their enterprise plan the network bandwidth limit is 15GB.

 

When working on a storefront with images, developers will burn through this bandwidth pretty quickly!

 

Please add http localhost as an acceptable origin. Or provide some other solution or workaround.

 

I'm very surprised Shopify didn't consider the effects this would have on the local development environment here.

Nazaire

I thought about this a bit more after making this post and found a workaround.

You can proxy the query parameters and redirect yourself back to localhost from the callback endpoint. Make sure you're not serving your entire local storefront through an HTTPS tunneller, and only using it to receive the authorization codes on the callback endpoint.
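The workaround described in the reply above, sketched as an added example that is not part of the original post or Shopify's own code: a small relay behind the HTTPS callback URL that forwards only the authorization-response parameters to a fixed localhost address. The local port and path, the parameter list (standard OAuth 2.0 `code`, `state`, `error`, `error_description`) and the function names are assumptions.

```javascript
// Added example. LOCAL_TARGET is a hypothetical local dev URL; it is hard-coded
// so the relay can never be steered to another host (no open redirect).
const LOCAL_TARGET = 'http://localhost:3000/account/authorize';

// Assumption: the callback carries standard OAuth 2.0 response parameters.
// Anything else on the query string is dropped, not forwarded.
const FORWARDED = ['code', 'state', 'error', 'error_description'];

// Returns the localhost URL to redirect to, or null if the request does not
// look like a single, well-formed authorization response.
function buildLocalRedirect(requestUrl) {
  // The base is only needed to parse a path-only req.url; its host is unused.
  const incoming = new URL(requestUrl, 'https://relay.invalid');
  const target = new URL(LOCAL_TARGET);
  for (const name of FORWARDED) {
    const values = incoming.searchParams.getAll(name);
    if (values.length > 1) return null; // duplicated parameter: refuse, don't guess
    if (values.length === 1) target.searchParams.set(name, values[0]);
  }
  const hasResult =
    target.searchParams.has('code') || target.searchParams.has('error');
  return hasResult ? target.toString() : null;
}

// Request handler for the HTTPS-exposed callback endpoint. Attach it with
// http.createServer(relayHandler) behind the tunnel; only this one endpoint
// needs to be public, the storefront itself stays on localhost.
function relayHandler(req, res) {
  const location = buildLocalRedirect(req.url);
  if (location === null) {
    res.writeHead(400, { 'Content-Type': 'text/plain' });
    res.end('invalid authorization response');
    return;
  }
  res.writeHead(302, {
    Location: location,
    'Cache-Control': 'no-store',      // do not cache a URL containing the code
    'Referrer-Policy': 'no-referrer', // do not leak the code via Referer
  });
  res.end();
}
```

The relay does not validate `state`; that check stays in the local application that started the login.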