Shopify · NabeelAhsen · Jan 7, 2022 · Jun 5, 2021
diff --git a/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb b/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
@@ -10,9 +10,22 @@ module EnsureAuthenticatedLinks
 
     private
 
+    def splash_page
+      splash_page_with_params(
+        return_to: request.fullpath,
+        shop: current_shopify_domain,
+        host: params[:host]
+      )
+    end
+
+    def splash_page_with_params(params)
+      uri = URI(root_path)
+      uri.query = params.compact.to_query
+      uri.to_s
+    end
+
     def redirect_to_splash_page
-      splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain)
-      redirect_to(splash_page_path)
+      redirect_to(splash_page)
     rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
       Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
                          "Could not determine current shop domain")

diff --git a/test/controllers/concerns/ensure_authenticated_links_test.rb b/test/controllers/concerns/ensure_authenticated_links_test.rb
@@ -44,6 +44,14 @@ def current_shopify_domain
     assert_redirected_to expected_path
   end
 
+  test 'redirects to splash page with a return_to, shop and host params if no session token is present' do
+    get :some_link, params: { shop: @shop_domain, host: 'test-host' }
+
+    expected_path = "/?host=test-host&return_to=#{CGI.escape(request.fullpath)}&shop=#{@shop_domain}"
+
+    assert_redirected_to expected_path
+  end
+
   test 'returns the requested resource if a valid session token exists' do
     request.env['jwt.shopify_domain'] = @shop_domain