I recently had an app rejected due to usage of '3rd party cookies'. Proof of this was a screencast where the below image appeared, showing an Enable Cookies message, before redirecting to the app's homepage.
However, the app doesn't make any use of 3rd party cookies. It's authenitication and set up is the same as that created using the Shopify CLI.
Browser cookies for reference
Just to make sure, I also deployed the default Shopify Node app created by Shopify CLI (https://github.com/Shopify/shopify-app-node). That too had the same cookies message, despite not actually using 3rd party cookies like my app.
This video shows the message appear on the sample app : https://cdn.shopify.com/s/files/1/0585/3596/8952/files/Desktop_2021.11.17_-_12.36.50.02_Trim.mp4?v=1...
Is there something I'm missing here? The app was rejected due to something the sample Shopify app is doing too. No third party cookies is being used, so was this just a app verification mistake?
Ok, it does seem this message appearing is an issue, or the sample app https://github.com/Shopify/shopify-app-node does use third party cookies.
To recreate, I've:
- Updated URL, secret, etc in app dashboard
- Opened app in dev store
- Enable cookies message appears
- Redirects to embedded homepage
This messaging appearing is causing apps to be rejected.
Deploy was to Google App Engine. Enable cookies message only appears again after some time, token expiring I'm assuming.
Also tried CLI, tried deploying to Heroku, all cause message to appear.