Shopify Webhooks and YII2 posts

I am working with Shopify to create a webhook via a YII2 framework project. The webhook works fine if I use a non-Yii page (regular PHP) but when I try to run it through the YII2 page, I get a 400 error on my server.

This is the header I get when running the webhook on the non-yii page:


	"Authorization": "",

	"Host": "",

	"X-Forwarded-Host": "",

	"X-Forwarded-Server": "",

	"Forwarded-Request-Uri": "\/test.php",

	"Https": "off",

	"X-Forwarded-Proto": "http",

	"X-Forwarded-Ssl": "off",

	"Connection": "close",

	"X-Shopify-Topic": "orders\/fulfilled",

	"X-Shopify-Shop-Domain": "",

	"X-Shopify-Order-Id": "123456",

	"X-Shopify-Test": "true",

	"X-Shopify-Hmac-Sha256": "qXqxkmG+uGIeOPBW9\/fEt64j2r8OhWjGZLVTa3ibs7w=",

	"Accept-Encoding": "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",

	"Accept": "*\/*",

	"User-Agent": "Ruby",

	"X-Newrelic-Id": "VQQUUFNS",



When I check my server logs, I get these errors when running the webhook on the YII2 page: - - [11/Apr/2017:01:39:53 +0000] "POST /webhook-update-jet-order HTTP/1.1" 400 2196 "-" "Ruby"

Is there something in the header that YII2 doesn’t like and is blocking the request?

I have tried to disable the CSRF requests and this does not work.

Any other thoughts?

What’s Ruby in this line?

I am assuming that is what Shopify is using to send. Other than that, idk, nothing I have set up.

Aha. So Ruby client (Shopify) sends a request and is getting 400 in response. I’d check Yii logs to get more details but I think it’s CSRF triggered. For external use it should be disabled like

I know that you’ve tried that but probably you’ve tied it wrong.

Thanks Samdark, That did it.

Started by disabling CSRF for the whole site and it went through, so I went back and adjusted the individual action and had an issue with my beforeAction.