Why does my embedded app get rejected for using 3rd party cookies?

Topic summary

An embedded Shopify app built with Vue.js and Node.js was rejected during review for relying on 3rd‑party cookies. Shopify’s feedback states embedded apps that depend on 3rd‑party cookies are prohibited and must use session tokens instead.

Key review notes:

  • “Embedded apps that rely on 3rd party cookies are prohibited.”
  • “Implement session tokens to embed your app.”
  • The app shows an error when 3rd‑party cookies are blocked.

Observed behavior: entering via an incognito tab triggers a “refused to connect” error. The developer says they don’t use cookies, only localStorage, and asks for the cause and a fix.

Additional input: two other participants report the same issue and ask if there’s a solution.

Status: no solution or concrete steps beyond Shopify’s instruction to implement session tokens were provided in the thread. The issue remains open with unanswered questions about the exact cause despite not explicitly using cookies.

Summarized with AI on January 28. AI used: gpt-5.

I’m willing to start a new Shopify app with Vue.js and Node.js; the app is embedded.

It was rejected when I submitted my app for review.

Reply from Shopify:

Embedded apps that rely on 3rd party cookies are prohibited from the Shopify App Store. Implement session tokens to embed your app. Review our requirements for more information. The app shows an error when the 3rd party cookies are blocked.

**I’m getting a refused to connect error when entering from the incognito tab.** I don’t use cookies but I do use localStorage.

What can I do about it?

What is the cause of the problem?

Did you figure this out? I’m having the same issue.

Me too. Is there a solution?
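
What Shopify's "implement session tokens" instruction means on a Node.js backend, as an added example that is not part of the thread and not Shopify's own code: each request from the embedded page carries a short-lived JWT signed with the app's secret, and the server verifies it instead of reading a cookie. The function names, the 5-second skew and the demo key, secret and shop values are assumptions made for illustration.

```javascript
// Added example: server-side check of a Shopify session token (HS256 JWT).
const crypto = require("node:crypto");

// Returns the decoded claims, or throws with the reason the token was refused.
function verifySessionToken(token, apiKey, apiSecret, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;

  // Pin the algorithm rather than trusting whatever the header claims.
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");

  // Recompute the HMAC with the app secret and compare in constant time.
  const expected = crypto.createHmac("sha256", apiSecret)
    .update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");

  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  const skew = 5; // seconds of clock skew tolerated (assumed value)
  if (!(claims.exp > now - skew)) throw new Error("expired");
  if (!(claims.nbf <= now + skew)) throw new Error("not yet valid");
  if (claims.aud !== apiKey) throw new Error("wrong audience");
  // iss is the shop's admin URL and dest the shop URL; they must name one shop.
  if (new URL(claims.iss).hostname !== new URL(claims.dest).hostname)
    throw new Error("iss/dest mismatch");
  return claims;
}

// Demo only: signs a constructed token. In the app the token is issued by
// Shopify and fetched in the browser through App Bridge.
function signDemoToken(claims, apiSecret) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const data = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  const sig = crypto.createHmac("sha256", apiSecret).update(data).digest("base64url");
  return `${data}.${sig}`;
}

// Constructed values, not real credentials or a real shop.
const DEMO_KEY = "demo-api-key";
const DEMO_SECRET = "demo-api-secret";
function demoClaims(now) {
  return { iss: "https://example-shop.myshopify.com/admin",
           dest: "https://example-shop.myshopify.com",
           aud: DEMO_KEY, sub: "42", exp: now + 60, nbf: now, iat: now };
}
```

Send the token as `Authorization: Bearer <token>` on each request from the embedded page. Chrome's 3rd-party cookie block also denies `localStorage` access inside a cross-site iframe, so state kept there does not replace the token.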