It works well when the app just loaded and Shopify provided all necessary params with id_token. But subsequent requests in app won't have embedded param in the URL. Meaning, that in case of invalid token error, the app will try to redirect user to embedded within iframe and it will lead to browser error:
To solve this problem, I found an alternative way to detect embedded using Sec-Fetch-Dest browser header. It's a nice fallback to embedded param and should help us correctly detect embedded requests and redirect them properly.
What this PR does
Token exchange concern uses
embedded
param to determine whether request should be redirected to embedded or bounce page should be displayed: https://github.com/Shopify/shopify_app/blob/main/lib/shopify_app/controller_concerns/token_exchange.rb#L67It works well when the app just loaded and Shopify provided all necessary params with id_token. But subsequent requests in app won't have![image](https://github.com/Shopify/shopify_app/assets/839922/240fcd33-d6be-4fe0-bbd7-a3e9d4bff28b)
embedded
param in the URL. Meaning, that in case of invalid token error, the app will try to redirect user to embedded within iframe and it will lead to browser error:To solve this problem, I found an alternative way to detect embedded using
Sec-Fetch-Dest
browser header. It's a nice fallback toembedded
param and should help us correctly detect embedded requests and redirect them properly.References:
Checklist
Before submitting the PR, please consider if any of the following are needed:
CHANGELOG.md
if the changes would impact usersREADME.md
, if appropriate./docs
, if necessary