We have a website developped in Drupal which is connected to Shopify: we use a Shopify private app both to retrieve the product catalog and to add articles to cart.
We use the Admin API to retrieve the product catalog --> this works fine
We use the Storefront API to add product to cart and to display the cart content--> since February and Chrome 80 version, we encounter an issue due to the way Chrome manages 3rd party cookies: fetching the cart content for several people doesn't work anymore.
Do you know why?
The only error we see in the console is "A cookie associated with a cross-site resource at https://REMOVED_URL was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`"
We notived that for some people using Chrome, when going the Chrome experiments Chrome://flags and disable the same-site attributes, relaunch Chrome, and then set back the the same-site attributes to "default", then Chrome is able to fetch the cart. We don't understand this issue. W
However, as we use a Shopify generated private app, we can't access any parameters and add the Samesite=none and secure on the Shopify side.
How to solve this issue?
Thanks for your help
Sure, the website is natan.be. Here are the steps to reproduce the issue:
You'll see in Chrome console tab several warnings mentionning that Samesite should be set to none
When looking at the cookie panel, we see that the cookies coming from https://natan-e-shop.myshopify.com/ don't contain the value "none" for the samesite attribute
The issue we had for several days and most of the people using Chrome was that the cart couldn't be retrieved and displayed, using the Storefront API.
The only way to retrieve the cart was to go to Chrome://flags and disable the same-site properties
Right now, the issue doesn't occur on most of the Chrome browsers because Chrome announced they stop deploying the samesite behavior due to covid19
However, if we go in Chrome://flags and enable the same-site properties, then the issue occurs back again
Thanks for your help
The site's adding to cart by posting to https://natan-e-shop.myshopify.com/cart/add and pulling content from https://natan-e-shop.myshopify.com/cart.json, resulting in cross-domain cookies. Use the Storefront API instead to get around this.
Let me know if you get stuck!