I am writing a Shopify app that will utilize Shopify's application proxy feature. When validating requests from Shopify, there are two different ways Shopify generates the signature/hmac. I updated the is_valid_signature() method to support proxied requests from Shopify.
Essentially, when Shopify generates the message for the hash, Shopify uses either an '&' or nothing.
Here are the links that shows the different implementation in Ruby:
I am writing a Shopify app that will utilize Shopify's application proxy feature. When validating requests from Shopify, there are two different ways Shopify generates the signature/hmac. I updated the is_valid_signature() method to support proxied requests from Shopify.
Essentially, when Shopify generates the message for the hash, Shopify uses either an '&' or nothing.
Here are the links that shows the different implementation in Ruby: