From 3462b3604c03ce26b5c62a5de2295fb0f8f75e8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristi=C3=A1n=20Mel=C3=A9ndez?= Date: Tue, 6 Jun 2023 09:34:32 -0400 Subject: [PATCH 1/2] allows setting a cookie domain for the oauth flow and fixes some cookienotfound errors --- docs/reference/shopifyApi.md | 7 +++++++ lib/__tests__/config.test.ts | 2 ++ lib/auth/oauth/oauth.ts | 8 +++++--- lib/base-types.ts | 1 + 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/reference/shopifyApi.md b/docs/reference/shopifyApi.md index cbe88a525..7a1238b4b 100644 --- a/docs/reference/shopifyApi.md +++ b/docs/reference/shopifyApi.md @@ -21,6 +21,7 @@ const shopify = shopifyApi({ userAgentPrefix: 'Custom prefix', privateAppStorefrontAccessToken: 'PrivateAccessToken', customShopDomains: ['*.my-custom-domain.io'], + cookieDomain: '.example.com', billing: { 'My plan': { amount: 5.0, @@ -105,6 +106,12 @@ Fixed Storefront API access token for private apps. Use this if you need to allow values other than `myshopify.com`. +### cookieDomain + +`string` | Defaults to `undefined` + +Use this if you need to set a domain-wide cookie for the oauth flow. + ### billing `BillingConfig` | Defaults to `undefined` diff --git a/lib/__tests__/config.test.ts b/lib/__tests__/config.test.ts index 27ce03b8d..1992f98fd 100644 --- a/lib/__tests__/config.test.ts +++ b/lib/__tests__/config.test.ts @@ -17,6 +17,7 @@ describe('Config object', () => { apiVersion: ApiVersion.Unstable, isEmbeddedApp: true, isCustomStoreApp: false, + cookieDomain: '.example.com', logger: { log: jest.fn(), level: LogSeverity.Debug, @@ -33,6 +34,7 @@ describe('Config object', () => { expect(config.apiSecretKey).toEqual(validParams.apiSecretKey); expect(config.scopes.equals(validParams.scopes)).toBeTruthy(); expect(config.hostName).toEqual(validParams.hostName); + expect(config.cookieDomain).toEqual(validParams.cookieDomain); }); it("can't initialize with empty values", () => { 
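Review bot: The assertion added in the second `config.test.ts` hunk only checks that `cookieDomain` passes through the config object; nothing in this patch tests the cookie attributes that `begin` and `callback` now emit. A test of the cookies set with `cookieDomain` both unset and set would pin the resulting `domain`, `sameSite` and `path` values, which this patch changes for all apps in `lib/auth/oauth/oauth.ts`. The `describe` block continues outside the hunk.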
diff --git a/lib/auth/oauth/oauth.ts b/lib/auth/oauth/oauth.ts index dd79c8a50..e4880df0b 100644 --- a/lib/auth/oauth/oauth.ts +++ b/lib/auth/oauth/oauth.ts @@ -86,9 +86,10 @@ export function begin(config: ConfigInterface) { await cookies.setAndSign(STATE_COOKIE_NAME, state, { expires: new Date(Date.now() + 60000), - sameSite: 'lax', + sameSite: 'none', secure: true, - path: callbackPath, + path: '/', + domain: config.cookieDomain, }); const query = { @@ -197,9 +198,10 @@ export function callback(config: ConfigInterface) { if (!config.isEmbeddedApp) { await cookies.setAndSign(SESSION_COOKIE_NAME, session.id, { expires: session.expires, - sameSite: 'lax', + sameSite: 'none', secure: true, path: '/', + domain: config.cookieDomain, }); } diff --git a/lib/base-types.ts b/lib/base-types.ts index 7787719f4..64e848b97 100644 --- a/lib/base-types.ts +++ b/lib/base-types.ts @@ -21,6 +21,7 @@ export interface ConfigParams { customShopDomains?: (RegExp | string)[]; billing?: BillingConfig; restResources?: T; + cookieDomain?: string; logger?: { log?: LogFunction; level?: LogSeverity; From 7b2eea303a23afd9ebc430c8abc2906b90d77091 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristi=C3=A1n=20Mel=C3=A9ndez?= Date: Tue, 6 Jun 2023 09:50:51 -0400 Subject: [PATCH 2/2] runs changeset --- .changeset/five-peaches-brake.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/five-peaches-brake.md diff --git a/.changeset/five-peaches-brake.md b/.changeset/five-peaches-brake.md new file mode 100644 index 000000000..5e50de74a --- /dev/null +++ b/.changeset/five-peaches-brake.md @@ -0,0 +1,5 @@ +--- +'@shopify/shopify-api': patch +--- + +Allows to set an optional cookieDomain param when calling shopifyApi
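Review bot: The `sameSite: 'none'` and `path: '/'` changes in the `begin` hunk apply to every app, not only to apps that set `cookieDomain`; the `callback` hunk relaxes `sameSite` unconditionally in the same way. With `cookieDomain` left undefined, the OAuth state cookie used to be Lax and limited to `callbackPath`, and it is now sent on cross-site requests to every path of the host. If the relaxed attributes are only needed for the domain-wide case, gate them on the option, e.g. `sameSite: config.cookieDomain ? 'none' : 'lax',` and `path: config.cookieDomain ? '/' : callbackPath,`; otherwise the commit message and changeset should state that the defaults changed and why. `begin` starts and ends outside the hunk.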
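Review bot: Passing `domain: config.cookieDomain` for `SESSION_COOKIE_NAME` in the `callback` hunk scopes the cookie carrying `session.id` to every host under that domain, so the trust boundary of the session becomes the whole domain rather than the app's host. Combined with `sameSite: 'none'`, the cookie is also attached to cross-site requests, which removes the Lax behaviour that non-embedded apps may have relied on as part of their CSRF defence. The hunk does not show `httpOnly` being passed and `setAndSign`'s defaults are not visible here, so that is worth confirming as well. I would add a comment above the call such as `// Domain-wide when cookieDomain is set: every host under it receives the session cookie` and state the same consequence in the `cookieDomain` entry of `docs/reference/shopifyApi.md`. `callback` starts and ends outside the hunk.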