app_proxy_controller.rb

class AppProxyController < ApplicationController
   include ShopifyApp::AppProxyVerification

  def login_form
    render layout: false, content_type: 'application/liquid'
  end

  def check_password
    @setting = Setting.find(1)
    if @setting.password == params[:password]
      head :ok
    else
      head :forbidden
    end
  end
end

console.log

Processing by AppProxyController#check_password as HTML
  Parameters: {"utf8"=>"✓", "password"=>"[FILTERED]", "commit"=>"Login", "shop"=>"mywebsite.myshopify.com", "path_prefix"=>"/tools/resource-center", "timestamp"=>"1491955875", "signature"=>"f6c909a7b369865e0585450c7f28e738d44399d8959725b00209cc897c8cced6"}
  Setting Load (80.0ms)  SELECT  "settings".* FROM "settings" WHERE "settings"."id" = $1 LIMIT $2  [["id", 1], ["LIMIT", 1]]
Completed 200 OK in 83ms (ActiveRecord: 80.0ms)

login_form.html.erb

<div class='rails-app'>
  <div class='login-portal'>
    <h2 style='color: blue;'>Login</h2>
    <%= form_tag "https://ronniecoleman.net/tools/resource-center/check_password", remote: true, class: "resource-form" do |f| %>
      <%= text_field_tag :password, "", placeholder: "Enter Password", style: "background-color: #e6e6e6;" %>

      <%= submit_tag "Login", class: "check-pass-btn" %>
    <% end %>
    <div class='form-notifications'></div>
  </div>
</div>

<script>
  $(".resource-form").on("submit", function(e) {
    $.ajax({
      url: $(".resource-form").attr("action"),
      crossDomain: true,
      type: "POST",
      dataType: "json",
      data: $(".resource-form").serialize(),
      success: function(data) {
        $(".rails-app").html("<%= escape_javascript(render partial: 'category_section') %>");
      },
      error: function(data) {
        $(".form-notifications").html("<p style='color: red;'>That password is incorrect. Please try again.</p>");
      }
    });
  });
</script>