shopify_app: raise: false in WebhookVerification breaks in Rails 4

https://github.com/Shopify/shopify_app/blob/v7.0.11/lib/shopify_app/webhook_verification.rb#L6

skip_before_filter :verify_authenticity_token works but skip_before_filter :verify_authenticity_token, raise: false gives CSRF error

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 1
  • Comments: 18 (13 by maintainers)

Commits related to this issue

Most upvoted comments

I suppose this is happening because of https://github.com/rails/rails/blob/v4.2.6/activesupport/lib/active_support/callbacks.rb#L674-L677 in Rails 4:

if filter && options.any?
  new_filter = filter.merge(chain, options)
  chain.insert(chain.index(filter), new_filter)
end

The callback is being reinserted into the chain because raise: false makes options.any? return true. In Rails 5 the conditional is if callback && (options.key?(:if) || options.key?(:unless)), so raise: false doesn’t reinsert it.

+1
tobymarsden on Jul 22, 2016
Read more comments on GitHub
← shopify_app: :order => "created_at DESC" is not a valid parameter for the Order query
shopify_app: redirect_uri not used correctly →