Ad

Shopify: Generate MD5 Hash For Non Logged In Users

- 1 answer

I'm generating hash for shopify application proxy request.

I'm using the customer's email address + secret to generate the hash.

This works perfectly for logged in users where I have all the information I need and I use the md5 shopify liquid filter.

Is there a way to generate the md5 hash in JS? and if so, how can I save the secret and use it in the JS?

Thanks

Ad

Answer

you don't really want to generate the hash in the client JS since you'd have to include the secret key etc. Also if the user is not logged in then you have no more risk than if you accept any signup form's info at face value.

The customer hash strategy is to make sure a valid customer cannot hack around with your data by randomly changing the customer id -- You may not think this is an issue but I had a customer where they sold to university students and the amount of hackery just for its own sake was pretty amazing. i.e., students didn't really seem to care whether or not they could get "something" for their hackery -- they just did it to see what would happen.

Ad
source: stackoverflow.com
Ad