Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly handle 401 errors in XHR requests with LoginProtection #1787

Merged
merged 2 commits into from
Feb 9, 2024
Merged

Properly handle 401 errors in XHR requests with LoginProtection #1787

merged 2 commits into from
Feb 9, 2024

Conversation

paulomarg
Copy link
Contributor

@paulomarg paulomarg commented Feb 8, 2024
edited
Loading

What this PR does

Related to #1708

After a 401 response from Shopify, we were simply attempting to redirect to Shopify, which wouldn't work for XHR requests for embedded apps.

We can instead use redirect_to_login, which is aware of the context and will return the appropriate response in all cases.

Reviewer's guide to testing

You can reproduce the problem by:

  • installing an app
  • stopping my server
  • uninstalling the app
  • restarting server
  • opening app

Before, this would lead to an attempt at logging in within the iframe, which would fail.

Things to focus on

Is there any reason not to use the 401 response with headers at this point?

Checklist

Before submitting the PR, please consider if any of the following are needed:

  • Update CHANGELOG.md if the changes would impact users

@paulomarg paulomarg requested a review from a team as a code owner February 8, 2024 15:00
@paulomarg
Use a 401 with headers for login redirect
5cb6dc0 
After a 401 response from Shopify, we were simply attempting to redirect
to Shopify, which wouldn't work for XHR requests for embedded apps.

We can instead use redirect_to_login, which is aware of the context and
will return the appropriate response in all cases.
@paulomarg paulomarg force-pushed the catch_401_errors_in_login_protection branch from 95bfb63 to 5cb6dc0 Compare February 8, 2024 15:01
@paulomarg paulomarg mentioned this pull request Feb 8, 2024
Closed
@paulomarg paulomarg changed the title Catch 401 errors in LoginProtection Properly handle 401 errors in XHR requests with LoginProtection Feb 8, 2024
@paulomarg paulomarg force-pushed the catch_401_errors_in_login_protection branch from 6e6e161 to 55b9ea5 Compare February 8, 2024 19:22
@paulomarg paulomarg merged commit d4cfb7e into main Feb 9, 2024
8 checks passed
@paulomarg paulomarg deleted the catch_401_errors_in_login_protection branch February 9, 2024 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matteodepalo matteodepalo matteodepalo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@paulomarg @matteodepalo