Embedded app iframe now loads at {app_url}/apps/{handle} instead of {app_url}/ → 404 on open for some shops

App Bridge
1

Summary

Recently, the Shopify admin started loading our embedded app’s iframe at {app_url}/apps/{app-handle} (and {app_url}/apps/{client_id} immediately after installing from the developer dashboard) instead of at {app_url}/. Our app serves its SPA at the App URL root, so this new entry path has no matching server route and returns a 404 inside the app frame. It hits only a subset of shops/opens (looks random) and sometimes appears to “fix itself” on refresh, which made it hard to track down. This previously worked the app loaded at the App URL root.

App setup

  • Embedded app, App URL = https://OURDOMAIN/ (root)
  • embedded = true; auth via App Bridge session tokens + token exchange
  • App Bridge: unversioned https://cdn.shopify.com/shopifycloud/app-bridge.js

Observed behavior

The initial iframe document request (captured from the browser network panel) is:

GET https://OURDOMAIN/apps/{app-handle}?embedded=1&hmac=…&host=…&id_token=…&locale=en&session=…&shop=SHOP.myshopify.com&timestamp=…
Sec-Fetch-Dest: iframe
Referer: https://admin.shopify.com/

Immediately after installing via the developer dashboard, the same request uses the client_id instead of the handle:

GET https://OURDOMAIN/apps/{client_id}?embedded=1&…

Since the app only routes /, /settings, etc. (nothing under /apps/...), the server returns 404 and the merchant sees “404 Not Found” in the embedded frame.

Expected behavior

The iframe loads at {app_url}/?… (the configured App URL root), as before. We’d expect the admin’s /apps/{handle} path prefix to be stripped when building the iframe src, not forwarded into it.

Impact

  • 404 on app open/install for affected shops.
  • Intermittent across shops — consistent with a gradual rollout.

Questions

  1. Is forwarding the /apps/{handle} (and /apps/{client_id}) prefix into the embedded iframe src an intended change?
  2. If intended, what’s the recommended handling — should apps now serve their UI under /apps/{handle}/*, or is there a config / App Bridge base-path for this?
  3. Was embedded-app entry-URL construction changed recently in the Spring '26 admin / new Dev Dashboard?

Current workaround

A server-side redirect from /apps/{anything} to the matching app path, preserving the full query string (shop, host, id_token, hmac, session, …), so the SPA loads at root and App Bridge authenticates normally.

2

I am looking into this

3

Thanks @Henry_Tao :folded_hands:

So far I have seen one more developer is experiencing the similar issue

image
image2634×1104 164 KB

4

Can I know what app and what shop is this? I cannot seem to reproduce this

5

I was getting this error on all my apps with this store when I was installing for the first time or clicking on Open link in app store listing page.

Store ID is this 66591522879

Maybe this is a development store issue.

I have now made a fix for this error by adding {app_url}/apps/{app-handle} route to my app. So this error not happening anymore on my apps.

6

I’m not sure if this is recent, this probably has been happening for a long time, I just never said it here because I came up with a correction fix from our end.

7

This should be fixed. Let me know if you still see the issue. @farid @David_Arbias

8

Thanks a lot @Henry_Tao :folded_hands:

9

I have a new problem now where clicking any app will redirect the wrong url:

https://admin.shopify.com/store/winerie

clicking any app will redirect to
https://admin.shopify.com/apps/{app}

Without any store in the url.