Safari is expected to release a new version of its Intelligent Tracking Protection (ITP) 2.0 in Safari on September 24th with macOS 10.14 Mojave.
Unlike earlier versions, ITP 2.0 immediately partitions cookies after a user interaction occurs on the top level domain (TLD). The previous general cookie access window of 24 hours after user interaction has been removed. This means that if your Shopify app is embedded, your cookies may be blocked if ITP classifies you as a tracker and no user interaction has occured on the TLD.
We've seen a lot of apps already make the required changes ahead of schedule, but wanted to post here to remind people about the change to Safari and how it may affect their apps across the web.
What this means for your embedded apps on Shopify (and any other platform) :
If you rely on cookies during authentication, Safari may require you to first redirect to a page on your own top level domain, and set a cookie after a user action (like a button click). We have more details on this implementation in our docs. If Safari classifies you as a tracker, and you don't take one of the aforementioned actions, your app will not be accessible by Safari users.
Safari uses an undocumented machine-learning algorithm to decide whether or not it classifies a cookie as a tracker, and cookies are dynamically deleted based on the results of these algorithms. This can be a pain to test. You'll need to use ITP debug mode in Safari Technology Preview 62, and classify a custom domain to test with using the instructions provided.
If you have any more questions about this, post here and we'll do our best to shed some light on how Apple's change will affect your apps across the web.
Or we just tell people that they should not use Safari with our App. It is possible these days to use other browsers without any troubles.
Based on the convoluted and murky solution presented in the docs, it is much much easier to just tell people to drop Safari. I get it though, all the other browsers will soon be doing the same kind of operations, so why not explore the madness now, while it is singular in nature.
Internet computing used to be fun, before businesses ruined it by abusing it. Only took them a decade!! Record time in the big scheme of business schenanigans.
Based on the convoluted and murky solution presented in the docs
It's not the greatest, but it's currently the only option to allow for multi-page embedded experiences. If you have any suggestions on things to change or particularly confusing parts, I'll do my best to update them.
We're exploring some options to make this less convoluted, hopefully some changes make their way into future builds of Safari that will make this easier.
Internet computing used to be fun, before businesses ruined it by abusing it.
Our customers often use our app on the iPad (mobile Safari). I'm assuming this change will affect those users, or is this only for desktop Safari users? I'm also curious how this will affect POS apps. Don't apps use Safari as the rendering engine for in-app modals?
Right now this isn't a problem with POS apps, but I'd recommend keeping an eye on the Safari changelog just in case.