security: restrict installs to ALLOWED_SHOP and remove generic landing form
This commit is contained in:
Gerhard Scheikl
@@ -10,6 +10,9 @@ SHOPIFY_API_SECRET=REPLACE_ME
|
||||
# Public URL Shopify uses for OAuth, webhooks and admin embedding. Must match shopify.app.dev.toml.
|
||||
SHOPIFY_APP_URL=https://invoice-app-dev.linumiq.com
|
||||
|
||||
# Single-merchant lock-in: only this myshopify domain may install the app.
|
||||
ALLOWED_SHOP=linumiq-dev.myshopify.com
|
||||
|
||||
# Must match `scopes` in shopify.app.dev.toml.
|
||||
SCOPES=read_orders,write_orders,read_all_orders,read_customers,read_companies,read_files,write_files
|
||||
|
||||
|
||||
Reference in New Issue
Block a user