Application Proxy - There was an error in the third-party application

Retired Boards Appdev Store Design

Topic summary

Shopify app developers are experiencing a “There was an error in the third-party application” message when users access their apps through Shopify’s Application Proxy feature. The issue began around June 21, 2019.

Core Problem:

  • App proxy URLs return 500 errors from Cloudflare
  • Developers confirm their servers never receive the requests (verified via access logs)
  • Direct access to proxy endpoints works correctly
  • Using ngrok as an intermediary resolves the issue temporarily

Shopify’s Position (via Alex from support):

  • Only two scenarios should trigger this error: response too large, or server returning 500-range status
  • Confirmed the proxy mechanism doesn’t hit any Shopify middleware before reaching app servers
  • Added logging to capture more response details for debugging

Identified Solutions:

  1. SSL Certificate Issues: One developer resolved the error by renewing their SSL certificate. Another found missing SSLCACertificateFile configuration in Apache vhost caused Shopify’s certificate verification to fail.
  2. Port Configuration: Using custom ports causes problems; port 443 (standard HTTPS) should be used instead.
  3. Temporary Workaround: Using ngrok or similar tunneling services works, but isn’t viable for production.

Status: The root cause appears related to SSL certificate validation and server configuration rather than Shopify’s proxy logic itself. Developers should verify their SSL setup and avoid custom ports.

Summarized with AI on November 9. AI used: claude-sonnet-4-5-20250929.
2

Actually, we notice that our proxy was not even called. We setup our proxy as

Subpath prefix: apps

Subpath: simple-testimonials

Proxy URL: https://myshopifyapps.com/simple-testimonials/proxy

When we accessed our test store’s https://etechfocus-demo.myshopify.com/apps/simple-testimonials, our proxy was not called.

Saw the error code 500 from cloudflare

  • Connection state changed (MAX_CONCURRENT_STREAMS updated)!
    < HTTP/2 500
    < date: Mon, 24 Jun 2019 14:50:10 GMT
    < content-type: text/html; charset=utf-8
    < set-cookie: __cfduid=df665a7c97b070af8aed7c0543ae7f76f1561387809; expires=Tue, 23-Jun-20 14:50:09 GMT; path=/; domain=.myshopify.com; HttpOnly
    < set-cookie: _shopify_y=62873d60-a98e-4222-9d6a-0f59242c3fa1; path=/; expires=Thu, 24 Jun 2021 02:28:34 -0000
    < set-cookie: _orig_referrer=; Expires=Mon, 08-Jul-19 14:50:10 GMT; Path=/; HttpOnly
    < set-cookie: _landing_page=%2Fapps%2Fsimple-testimonials; Expires=Mon, 08-Jul-19 14:50:10 GMT; Path=/; HttpOnly
    < set-cookie: secure_customer_sig=; path=/; expires=Fri, 24 Jun 2039 14:50:10 -0000; secure; HttpOnly
    < set-cookie: cart_sig=; path=/; expires=Mon, 08 Jul 2019 14:50:10 -0000; HttpOnly
    < content-security-policy: block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=app_liquid&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fapp_proxy&source%5Bsection%5D=storefront&source%5Buuid%5D=7d0fe70a-cdd0-4cd2-8d06-6afae0b17d26
    < vary: Accept-Encoding
    < x-shopid: 21465161
    < x-shopify-stage: production
    < x-sorting-hat-podid: 52
    < strict-transport-security: max-age=7889238
    < x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
    < x-sorting-hat-shopid: 21465161
    < x-shardid: 52
    < x-content-type-options: nosniff
    < x-request-id: 7d0fe70a-cdd0-4cd2-8d06-6afae0b17d26
    < x-download-options: noopen
    < x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=app_liquid&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fapp_proxy&source%5Bsection%5D=storefront&source%5Buuid%5D=7d0fe70a-cdd0-4cd2-8d06-6afae0b17d26
    < x-permitted-cross-domain-policies: none
    < content-language: en
    < expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
    < server: cloudflare
    < cf-ray: 4ebf8333caa6a366-HKG