skip to Main Content

Following the guide here: https://shopify.dev/tutorials/display-data-on-an-online-store-with-an-application-proxy-app-extension

GET requests are working fine for me.

But when I try to do a POST request, my parameters are not coming through.

I’m building a simple wishlist app, where a user can click on a heart on a product and it adds it to a database.

So my code, when they click the heart, looks something like this:

    $.ajax({
        url: '/apps/wishlist/save',
        type: 'POST',
        data: {
            shop: shop,
            customerId: customerId,
            productId: productId
        },
        dataType: 'json',
        success: function (data) {
          console.info(data);
        }
    });

When I inspect this post in Network tab in Chrome Dev Tools, the original POST is hitting a 301, then Shopify is creating a GET request to the original URL with different/missing parameters that look like this:

shop: example.myshopify.com
path_prefix: /apps/wishlist
timestamp: 1585769299
signature: examplesignature

If I change my original AJAX request to a GET, then my original parameters are passed as expected.

Are POST requests not allowed here?

2

Answers


  1. Try to add / to the end of your url i.e. change it to /apps/wishlist/save/.

    Login or Signup to reply.
  2. Just to give a clearification.
    Vladimir answer works, why?
    It seems that Shopify changed their authentication flow for some POSTs request.
    You have to send requests without cookies or you can send requests with X-Shopify-Access-Token header and use your app’s password for it. They should work both but there are some cases of use that doesn’t permit you to send request without cookie or only uses basic auth (depending on wich method and software you use to send request). Shopify’s devs are not crazy of course, this was implemented due to avoid some kind of hackers attack based on specific attacking methods, but maybe it should be better clearly specified in their documentation. Even if the solution explained above should be preferred, as said it could not work in some cases so the Vladimir ‘s solution is a valid alternative (you could also add a dot at the end of the URL so for example: http://www.example.com./etc/etc), this because this way "blocks" the cookie seending.
    You can know more about that following Sopify’s community discussion here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search