Fix for issue gnikyt#164

Author: gnikyt

src/ShopifyApp/Middleware/AuthShop.php

@@ -47,15 +47,18 @@ public function handle(Request $request, Closure $next)
 
         // Shop is OK, move on...
         $response = $next($request);
-        if (!$response instanceof Response && !$response instanceof RedirectResponse) {
-            // We need a response object to modify headers
-            $response = new Response($response);
-        }
+        if (!$request->ajax()) {
+            // Request is not AJAX, continue as normal
+            if (!$response instanceof Response && !$response instanceof RedirectResponse) {
+                // We need a response object to modify headers
+                $response = new Response($response);
+            }
 
-        if (Config::get('shopify-app.esdk_enabled')) {
-            // Headers applicable to ESDK only
-            $response->headers->set('P3P', 'CP="Not used"');
-            $response->headers->remove('X-Frame-Options');
+            if (Config::get('shopify-app.esdk_enabled')) {
+                // Headers applicable to ESDK only
+                $response->headers->set('P3P', 'CP="Not used"');
+                $response->headers->remove('X-Frame-Options');
+            }
         }
 
         return $response;

tests/Middleware/AuthShopMiddlewareTest.php

@@ -97,6 +97,23 @@ public function testHeadersForEsdkShouldBeAdjusted()
         $this->assertNull($result[0]->headers->get('x-frame-options'));
     }
 
+    public function testAjaxCallShouldNotAdjustResponse()
+    {
+        // Set a shop
+        $shop = factory(Shop::class)->create();
+        Session::put('shopify_domain', $shop->shopify_domain);
+
+        // Set the request
+        $request = Request::instance();
+        $request->headers->set('x-requested-with', 'XMLHttpRequest');
+
+        // Run the middleware
+        $result = $this->runAuthShop(null, $request);
+
+        // Assert the headers were not modified
+        $this->assertNull($result[0]);
+    }
+
     public function testHeadersForDisabledEsdk()
     {
         // Set a shop
@@ -138,10 +155,10 @@ public function testShouldSaveReturnUrl()
         // Request::swap($currentRequest);
     }
 
-    private function runAuthShop(Closure $cb = null)
+    private function runAuthShop(Closure $cb = null, $requestInstance = null)
     {
         $called = false;
-        $response = (new AuthShop())->handle(Request::instance(), function ($request) use (&$called, $cb) {
+        $response = (new AuthShop())->handle($requestInstance ? $requestInstance : Request::instance(), function ($request) use (&$called, $cb) {
             $called = true;
 
             if ($cb) {