ctx.cookie.set() does not appear to set a cookie

Excursionist

When inside the Shopify admin area, I see the contents of the file at the redirect URL. But according to Chrome's EditThisCookie extension, neither cookie is set.

Anyone know why this is? I suspect it is a domain scoping issue: the Shopify admin area is on one domain, the ngrok app on another. If that or some other issue is the case, I hope someone knows how to fix it.

// server.ts

koa.use(authorizeForShopify({
  apiKey : SHOPIFY_BUYUSED_API_KEY
  , secret : SHOPIFY_BUYUSED_API_SECRET
  , scopes : SHOPIFY_BUYUSED_SCOPES.split(",")
  , afterAuth(ctx: Koa.Context): void {
    console.log(`=====inside afterAuth()=====`); // I do not see this log statement in the console
    const {shop, accessToken} = ctx.session;
    
    console.log({
      message : "from inside afterAuth()" // I do not see this log either
      , shop
      , accessToken
    });
    
    // cookie setting
    const cookieOptions = {
      httpOnly: true,
      secure: true,
      signed: true,
      overwrite: true
    };
    
    ctx.cookie.set("buyUsed_shopName", shop, cookieOptions);
    ctx.cookie.set("buyUsed_generalToken", accessToken, cookieOptions);
    
    
    ctx.redirect("/");
  }
}));

////// Routing //////
router.get('/', async ctx => {
  // ctx.body = "Koa server running, '/' route triggered"
  ctx.redirect("https://storage.cloud.google.com/buy_used/consoleLog.js"); // this file's contents renders on the page
});
0 Likes
Shopify Staff

Hey @seandz,

I suspect this is related to Chrome's update.

With the release of Chrome 80 on February 4th, 2020, the default behaviour of Chrome will change from allowing cookies in a cross-site or third-party context to denying them.

To designate cookies for cross-site access, a new cookie setting is available in Chrome: SameSite=None. This attribute can be used by services that are running in a third-party context, such as embedded Shopify apps. 

Try configuring sameSite in your cookieOptions:

const cookieOptions = {
  httpOnly: true,
  secure: true,
  signed: true,
  overwrite: true,
  sameSite: 'none'
};

0 Likes
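
The SameSite rules described in the reply above, as an added example that is not part of the original thread or of Shopify's code: it parses `Set-Cookie` header strings and reports whether Chrome 80+ would accept and send each cookie when the app is embedded in a cross-site iframe. The function names and the sample headers (including the `example.myshopify.com` value) are constructed for illustration.

```javascript
// Classify how Chrome 80+ treats a cookie for an app embedded in a
// cross-site iframe (e.g. an ngrok-hosted app inside the Shopify admin).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no "=".
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function crossSiteVerdict(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  const secure = attrs.secure === true;
  if (sameSite === "none") {
    return secure
      ? { name, sent: true, reason: "SameSite=None with Secure" }
      : { name, sent: false, reason: "SameSite=None without Secure is rejected" };
  }
  if (sameSite === "strict" || sameSite === "lax") {
    return { name, sent: false, reason: `SameSite=${sameSite} is same-site only` };
  }
  return { name, sent: false, reason: "missing or unrecognised SameSite, treated as Lax" };
}

function auditAll(headers) {
  return headers.map(crossSiteVerdict);
}

// Constructed sample headers; the values are placeholders.
const SAMPLE_HEADERS = [
  "buyUsed_shopName=example.myshopify.com; path=/; secure; httponly",
  "buyUsed_shopName=example.myshopify.com; path=/; samesite=none; httponly",
  "buyUsed_shopName=example.myshopify.com; path=/; samesite=none; secure; httponly",
];

for (const v of auditAll(SAMPLE_HEADERS)) {
  console.log(`${v.name}: ${v.sent ? "sent" : "blocked"} (${v.reason})`);
}
```

Feeding it the `Set-Cookie` values copied from the DevTools Network tab shows whether the server emitted the attributes at all, independent of what a cookie-viewer extension displays.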