Following the guide here: https://shopify.dev/tutorials/display-data-on-an-online-store-with-an-application-proxy-app-extension
GET requests are working fine for me.
But when I try to do a POST request, my parameters are not coming through.
I’m building a simple wishlist app, where a user can click on a heart on a product and it adds it to a database.
So my code, when they click the heart, looks something like this:
$.ajax({
url: '/apps/wishlist/save',
type: 'POST',
data: {
shop: shop,
customerId: customerId,
productId: productId
},
dataType: 'json',
success: function (data) {
console.info(data);
}
});
When I inspect this post in Network tab in Chrome Dev Tools, the original POST is hitting a 301, then Shopify is creating a GET request to the original URL with different/missing parameters that look like this:
shop: example.myshopify.com
path_prefix: /apps/wishlist
timestamp: 1585769299
signature: examplesignature
If I change my original AJAX request to a GET, then my original parameters are passed as expected.
Are POST requests not allowed here?
2
Answers
Try to add
/
to the end of yoururl
i.e. change it to/apps/wishlist/save/
.Just to give a clearification.
Vladimir answer works, why?
It seems that Shopify changed their authentication flow for some POSTs request.
You have to send requests without cookies or you can send requests with
X-Shopify-Access-Token
header and use your app’s password for it. They should work both but there are some cases of use that doesn’t permit you to send request without cookie or only uses basic auth (depending on wich method and software you use to send request). Shopify’s devs are not crazy of course, this was implemented due to avoid some kind of hackers attack based on specific attacking methods, but maybe it should be better clearly specified in their documentation. Even if the solution explained above should be preferred, as said it could not work in some cases so the Vladimir ‘s solution is a valid alternative (you could also add a dot at the end of the URL so for example: http://www.example.com./etc/etc), this because this way "blocks" the cookie seending.You can know more about that following Sopify’s community discussion here