@Michael_Ragalie The rules changed in last week’s Safari 13.1 release.
We were able to work around previous privacy changes (‘Prevent cross-site tracking’ and ITP 2.3) by using App Bridge to redirect the top window to set a cookie from our domain and then back into our app (which App Bridge automatically puts back in its correct frame). If you are classified as a tracking domain, then the user activation was required.
Safari 13.1 is a different beast, though. As I understand it, our app can only read its (previously set) first-party cookies after user interaction. And this only works if the app ‘iframe’ element is sandboxed with the appropriate tokens:
So we need Shopify to add these to the embedded app iframe element in order to support this.
I’ve confirmed that Shopify’s own ‘Order Printer’ app does not work in Safari 13.1. It redirects a few times and then gives up with an error. Presumably, all other apps are broken on this browser too.