Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for current_shopify_domain to be nil with authenticated requests #1580

Merged
merged 7 commits into from
Nov 17, 2022
Merged

Allow for current_shopify_domain to be nil with authenticated requests #1580

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
24c7ae0
allow current_shopify_domain to be nil in LoginProtection
nelsonwittwer Nov 14, 2022
3b01e97
better helper to determine if JS requested action
nelsonwittwer Nov 15, 2022
82539a7
add content-type header to fetch
nelsonwittwer Nov 15, 2022
2006e2b
cleaner return_address refactor
nelsonwittwer Nov 15, 2022
0da581f
use text/javascript per MDN
nelsonwittwer Nov 15, 2022
8f343bf
changelog + upgrading docs
nelsonwittwer Nov 15, 2022
ebb0dc3
Merge branch 'main' into nelsonwittwer/current_shopify_domain_fix
nelsonwittwer Nov 15, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/generators/shopify_app/home_controller/templates/index.html.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
});

var fetchProducts = function() {
var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
var headers = new Headers({ "Content-Type": "application/javascript", "Authorization": "Bearer " + window.sessionToken });
return fetch("/products", { headers })
.then(response => response.json())
.then(data => {
Expand Down
16 changes: 10 additions & 6 deletions lib/shopify_app/controller_concerns/login_protection.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ def host
end

def redirect_to_login
if request.xhr?
if requested_by_javascript?
add_top_level_redirection_headers(ignore_response_code: true)
head(:unauthorized)
else
Expand Down Expand Up @@ -182,6 +182,8 @@ def return_to_param_required?

def fullpage_redirect_to(url)
if ShopifyApp.configuration.embedded_app?
raise ::ShopifyApp::ShopifyDomainNotFound if current_shopify_domain.nil?

render("shopify_app/shared/redirect", layout: false,
locals: { url: url, current_shopify_domain: current_shopify_domain })
else
Expand All @@ -190,14 +192,12 @@ def fullpage_redirect_to(url)
end

def current_shopify_domain
shopify_domain = sanitized_shop_name || current_shopify_session&.shop

return shopify_domain if shopify_domain.present?

raise ::ShopifyApp::ShopifyDomainNotFound
sanitized_shop_name || current_shopify_session&.shop
end

def return_address
raise ::ShopifyApp::ShopifyDomainNotFound if current_shopify_domain.nil?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It feels a bit odd to raise this then immediately rescue it, maybe we could use a guard?

return base_return_address if current_shopify_domain.nil?


return_address_with_params(shop: current_shopify_domain, host: host)
rescue ::ShopifyApp::ShopifyDomainNotFound, ::ShopifyApp::ShopifyHostNotFound
base_return_address
Expand Down Expand Up @@ -242,5 +242,9 @@ def user_session_expected?

online_token_configured?
end

def requested_by_javascript?
request.xhr? || request.content_type == "application/javascript"
end
end
end