I am working with Shopify to create a webhook via a YII2 framework project. The webhook works fine if I use a non-Yii page (regular PHP) but when I try to run it through the YII2 page, I get a 400 error on my server.
This is the header I get when running the webhook on the non-yii page:
{
"Authorization": "",
"Host": "craigsirk.com",
"X-Forwarded-Host": "craigsirk.com",
"X-Forwarded-Server": "craigsirk.com",
"Forwarded-Request-Uri": "\/test.php",
"Https": "off",
"X-Forwarded-Proto": "http",
"X-Forwarded-Ssl": "off",
"Connection": "close",
"X-Shopify-Topic": "orders\/fulfilled",
"X-Shopify-Shop-Domain": "craigtesting.myshopify.com",
"X-Shopify-Order-Id": "123456",
"X-Shopify-Test": "true",
"X-Shopify-Hmac-Sha256": "qXqxkmG+uGIeOPBW9\/fEt64j2r8OhWjGZLVTa3ibs7w=",
"Accept-Encoding": "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
"Accept": "*\/*",
"User-Agent": "Ruby",
"X-Newrelic-Id": "VQQUUFNS",
"X-Newrelic-Transaction": "PxQAA1dUDlYDAFQGAlQFU1EGFB8EBw8RVU4aVVoJAwRWVl1UVVRWUFEDAENKQQlWCFxRAQNXFTs="
}
When I check my server logs, I get these errors when running the webhook on the YII2 page:
23.227.37.104 - - [11/Apr/2017:01:39:53 +0000] "POST /webhook-update-jet-order HTTP/1.1" 400 2196 "-" "Ruby"
Is there something in the header that YII2 doesn’t like and is blocking the request?
I have tried to disable the CSRF requests and this does not work.
Any other thoughts?