Closed brucelee90 closed 3 years ago
I had a similar issue where the APP_URL and the Shopify keys were all correct and I was getting this error. It turns out the issue was related to the nginx config I had, which was performing the following:
try_files $uri $uri/ /index.php?q=$uri&$args;
This added the q parameter to the query string, and when the hmac is trying to verify, it does not, because nginx has added the extra param.
I updated the nginx setting to the following:
try_files $uri $uri/ /index.php?$query_string;
Thereafter it's not adding the q= param, which throws out the hmac validation.
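Why the extra q parameter breaks verification, shown as an added example that is not part of the original thread or the package's own code. It assumes Shopify's documented scheme (drop hmac, sort the remaining parameters, HMAC-SHA256 with the app's API secret); the secret, shop name and helper names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

API_SECRET = b"constructed-example-secret"  # constructed value, not a real key


def canonical_message(query_string: str) -> str:
    """Drop `hmac`, sort the remaining pairs by key, re-join as k=v&k=v."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return urlencode(sorted((k, v) for k, v in pairs if k != "hmac"))


def sign(query_string: str, secret: bytes = API_SECRET) -> str:
    """Hex HMAC-SHA256 over the canonical message."""
    msg = canonical_message(query_string).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(query_string: str, secret: bytes = API_SECRET) -> bool:
    """Constant-time comparison of the supplied hmac with the recomputed one."""
    supplied = dict(parse_qsl(query_string)).get("hmac", "")
    return hmac.compare_digest(sign(query_string, secret), supplied)


def nginx_rewrite(uri: str, args: str, template: str) -> str:
    """Model the query string index.php receives from a try_files fallback
    (hypothetical helper; only the variables used in this thread are handled)."""
    return (template.replace("$query_string", args)
                    .replace("$args", args)
                    .replace("$uri", uri))


# Constructed request, signed the way the platform would sign it.
_SIGNED = "locale=de&shop=example-shop.myshopify.com&timestamp=1625085184"
INCOMING_ARGS = _SIGNED + "&hmac=" + sign(_SIGNED)

if __name__ == "__main__":
    for template in ("q=$uri&$args", "$query_string"):
        seen = nginx_rewrite("/", INCOMING_ARGS, template)
        print(f"{template:16} -> verified={verify(seen)}")
        print("   signed message:", canonical_message(seen))
```

The first template adds a parameter that was never part of the signed message, so the recomputed digest cannot match; the second passes the original query string through unchanged.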
Tips
@brucelee90 Does the info above help at all?
I've had issues with my local installation and nginx, so unfortunately I wasn't able to reproduce this issue. I will try it as soon as these issues are solved. Thank you for your replies!
Ok, so I just tried to edit my nginx.conf at /usr/local/etc/nginx, I was looking for any property like try_files $uri $uri/ /index.php?q=$uri&$args, but couldn't find anything like try_files, which I could replace.
I tried to paste into http anyway and got an error message after restarting the nginx.
Not sure where to edit the nginx.conf now
@brucelee90 you can use "nginx -T | grep try_files" on the server where your nginx is installed to look for the try_files line in the combined configuration output by using nginx -T piped through grep to look for what you need.
I presume you double checked points 1,2,3 which is why you are focusing on 4 as per my tips above?
When you do find the try_files declaration using the command I gave you can then either pipe the "nginx -T > output.txt" to a file and look in that file for the try_files which will enable you to see the file the line is being loaded in.
I will close this issue now since I cannot reproduce it right now anymore.
I created a new API key for my app. I set the new API within my .env file. Now if I want to reinstall the app again on my development store, the app URL gets redirected to:
https://app-name.test/?hmac=735d3606aa1b71e5f2c0e83256c8b3c2d148f8028f542ec829e8ebe61c4df970&host=bDQtc2FtcGxlLWFwcC5teXNob3BpZnkuY29tL2FkbWlu&locale=de&new_design_language=true&session=2d9564ec870bc29b15c6d278227092caef70741fb57989331b6229c9329b0be8&shop=l4-sample-app.myshopify.com&timestamp=1625085184
This always leads to an error message saying:
Unable to verify signature.
What causes this issue? Where is the hmac coming from?