Fetch shopify_domain from the request environment

Shopify · Jun 2, 2020 · 2d9f1e4 · 2d9f1e4
1 parent 7825bc6
commit 2d9f1e4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 18 deletions.
diff --git a/lib/shopify_app/controller_concerns/csrf_protection.rb b/lib/shopify_app/controller_concerns/csrf_protection.rb
@@ -2,21 +2,15 @@
 module ShopifyApp
   module CsrfProtection
     extend ActiveSupport::Concern
-
-    MissingIncludeError = Class.new(StandardError)
-
+
     included do
-      unless ancestors.include?(ShopifyApp::LoginProtection)
-        raise(MissingIncludeError, 'You must include ShopifyApp::LoginProtection before including this module.')
-      end
-
       protect_from_forgery with: :exception, unless: :valid_session_token?
     end
 
     private
 
     def valid_session_token?
-      jwt_shopify_domain.present?
+      request.env['jwt.shopify_domain']
     end
   end
 end
diff --git a/test/shopify_app/controller_concerns/csrf_protection_test.rb b/test/shopify_app/controller_concerns/csrf_protection_test.rb
@@ -28,16 +28,6 @@ class CsrfProtectionTest < ActionDispatch::IntegrationTest
     Rails.application.reload_routes!
   end
 
-  test 'it raises an error if module is included without including ShopifyApp::LoginProtection first' do
-    error = assert_raises ShopifyApp::CsrfProtection::MissingIncludeError do
-      class Test
-        include ShopifyApp::CsrfProtection
-      end
-    end
-
-    assert_equal 'You must include ShopifyApp::LoginProtection before including this module.', error.message
-  end
-
   test 'it raises an invalid authenticity token error if a valid session token or csrf token is not provided' do
     assert_raises ActionController::InvalidAuthenticityToken do
       post '/csrf_protection_test'