Support rewriting the request_url in the HttpClient when no Host header is provided

Author: Shinomix

lib/shopify_api/clients/http_client.rb

@@ -39,18 +39,18 @@ def request(request, response_as_struct: false)
         headers = @headers
         headers["Content-Type"] = T.must(request.body_type) if request.body_type
         headers = headers.merge(T.must(request.extra_headers)) if request.extra_headers
-        if headers["Host"].include?(".my.shop.dev")
-          headers["x-forwarded-host"] = headers["Host"]
-          headers["Host"] = "app.shop.dev"
-        end
+
+        parsed_uri = URI(request_url(request))
+
+        headers = append_first_party_development_headers(headers, parsed_uri)
 
         tries = 0
         response = HttpResponse.new(code: 0, headers: {}, body: "")
         while tries < request.tries
           tries += 1
           res = T.cast(HTTParty.send(
             request.http_method,
-            request_url(request),
+            parsed_uri.to_s,
             headers: headers,
             query: request.query,
             body: request.body.class == Hash ? T.unsafe(request.body).to_json : request.body,
@@ -119,6 +119,22 @@ def serialized_error(response)
         end
         body.to_json
       end
+
+      private
+
+      sig do
+        params(headers: T::Hash[T.any(Symbol, String), T.untyped],
+          parsed_uri: URI::Generic).returns(T::Hash[T.any(Symbol, String), T.untyped])
+      end
+      def append_first_party_development_headers(headers, parsed_uri)
+        return headers unless headers["Host"]&.include?(".my.shop.dev") || parsed_uri.host&.include?(".my.shop.dev")
+
+        # These headers are only used for first party applications in development mode
+        headers["x-forwarded-host"] = headers["Host"] || parsed_uri.host
+        headers["Host"] = "app.shop.dev"
+
+        headers
+      end
     end
   end
 end

test/clients/http_client_test.rb

@@ -289,6 +289,58 @@ def test_response_as_struct
         assert_equal("nested_value", response.body.key.nested_key)
       end
 
+      def test_rewrites_my_shop_dev_host_headers_when_present
+        @success_body = {}
+        shop = "test-shop.my.shop.dev"
+        session = ShopifyAPI::Auth::Session.new(shop:, access_token: @token)
+
+        expected_headers = @expected_headers.dup
+        expected_headers["Host"] = "app.shop.dev"
+        expected_headers["x-forwarded-host"] = shop
+
+        stub_request(@request.http_method, "https://#{shop}#{@base_path}/#{@request.path}")
+          .with(body: @request.body.to_json, query: @request.query, headers: expected_headers)
+          .to_return(body: "", headers: @response_headers, status: 204)
+
+        @client = ShopifyAPI::Clients::HttpClient.new(session:, base_path: @base_path)
+        @request = ShopifyAPI::Clients::HttpRequest.new(
+          http_method: :post,
+          path: "some-path",
+          body: { foo: "bar" },
+          body_type: "application/json",
+          query: { id: 1234 },
+          extra_headers: { extra: "header", "Host" => shop },
+        )
+
+        verify_http_request
+      end
+
+      def test_appends_host_headers_for_my_shop_dev_request_url
+        @success_body = {}
+        shop = "test-shop.my.shop.dev"
+        session = ShopifyAPI::Auth::Session.new(shop:, access_token: @token)
+
+        expected_headers = @expected_headers.dup
+        expected_headers["Host"] = "app.shop.dev"
+        expected_headers["x-forwarded-host"] = shop
+
+        stub_request(@request.http_method, "https://#{shop}#{@base_path}/#{@request.path}")
+          .with(body: @request.body.to_json, query: @request.query, headers: expected_headers)
+          .to_return(body: "", headers: @response_headers, status: 204)
+
+        @client = ShopifyAPI::Clients::HttpClient.new(session:, base_path: @base_path)
+        @request = ShopifyAPI::Clients::HttpRequest.new(
+          http_method: :post,
+          path: "some-path",
+          body: { foo: "bar" },
+          body_type: "application/json",
+          query: { id: 1234 },
+          extra_headers: { extra: "header" },
+        )
+
+        verify_http_request
+      end
+
       private
 
       def simple_http_test(http_method)