Hi Shopify Dev Team,
My app recently failed review because the reviewer encountered a “The connection was reset” error in their browser immediately upon attempting to install the app.
Technical Findings:
-
Logs Discrepancy: I checked my Nginx access and error logs during the time of the review, but the initial installation requests from the reviewer’s browser never reached my server.
-
Webhook Activity: Interestingly, I did receive an
app/uninstalledwebhook from Shopify’s servers shortly after the failed attempt. This suggests the Shopify backend initiated a cleanup, even though the frontend connection was dropped before the OAuth flow could even start.
Debug Steps Taken:
-
Global Testing: We have tested the install flow from multiple regions and various networks; it works perfectly in all scenarios.
-
Server Status: Our server is hosted in an overseas data center with no geo-blocking or IP blacklisting configured.
-
SSL/TLS: Our configuration supports TLS 1.2/1.3 and modern cipher suites (verified via SSL Labs with an ‘A’ rating).
Questions: Before we request a re-test, do you have any suggestions on what we should investigate further? We are specifically wondering:
-
Are there any known firewall restrictions or security policies within the review environment (corporate proxy, etc.) that could cause a “connection reset” at the TLS handshake level?
-
Is there any specific browser configuration (e.g., Post-Quantum Cryptography) in the review environment that we should simulate?
If our setup looks correct on your end, could you please try the installation once more to rule out any transient network fluctuations?
Thank you for your time and support!