search

Shopify / shopify_app

A Rails Engine for building Shopify Apps
MIT License
1.74k stars 685 forks source link

Proxy "Downloading File" #379

Closed fighella closed 7 years ago

fighella commented 7 years ago

Using the app proxy generator - if I visit my app URL - the liquid file is downloaded instead of displayed in the browser.

class AppProxyController < ApplicationController
  skip_before_filter :authenticate_admin!
   include ShopifyApp::AppProxyVerification

  def index
    render layout: false, content_type: 'application/liquid'
  end

end

$ curl -I https://myshopifysite.com.au/a/io/

Server: nginx
Date: Sun, 05 Feb 2017 12:37:54 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Set-Cookie: secure_customer_sig=; path=/; expires=Thu, 05 Feb 2037 12:37:54 -0000; secure; HttpOnly
Cache-Control: no-cache
X-Dc: chi2,chi2,chi2
Via: 1.1 vegur
Location: https://my-app.heroku.com/app_proxy/?shop=myshopifysite.com.au&path_prefix=/a/io&timestamp=1486298274&signature=a069eee0f79d797bd1e0ca40ab12237347f79571206243c758307688552e3f00
X-Runtime: 0.005851
X-Request-Id: 9c783602-e453-4208-bf5b-8de933253897
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Served-With: AppProxy-Nginx
Set-Cookie: _secure_session_id=abe9042f2dfafbd1bf5db0b07948ff1b; path=/; secure; HttpOnly
Set-Cookie: cart_sig=; path=/; expires=Sun, 19 Feb 2017 12:37:54 -0000; HttpOnly
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

If I follow the redirect =>

$ curl -I https://my-app.heroku.com/app_proxy/index?shop=myshopifysite.om.au&path_prefix=/a/io&timestamp=1486297444&signature=14832f7418b187c00593e138b6b81cfe3d115cbf92687c7c9a99faf70e436ff5
HTTP/1.1 200 OK
Server: Cowboy
Date: Sun, 05 Feb 2017 12:40:28 GMT
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
P3p: CP="Not used"
Content-Type: application/liquid; charset=utf-8
Vary: Accept-Encoding
Etag: W/"3844f4b2eb7fc08b73cc6b03be16c53a"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 0af0f3c0-993a-4c05-a8a0-c18879630d2b
X-Runtime: 0.007081
Via: 1.1 vegur
fighella commented 7 years ago

This middleware caused the issue.

config.middleware.use Rack::CanonicalHost, ENV.fetch("APPLICATION_HOST")