Shopify: apps.shopify.com - CSRF token leakage through Google Analytics

Description: When a user tries to send a support a message to an app developer in apps.shopify.com , he will be asked to login and once he is logged in , he will be redirected to apps.shopify.com/appid?authenticitytoken=currentuserauthenticitytoken. Developers can track their app page view in...