fix: problem with custom app install not passing the cookies due to s…

…ameSite=lax. See this PR for other people who have ran into this issue Shopify#905
JoinCollabMarket · Jan 28, 2024 · fd96feb · fd96feb
1 parent 51f3c27
commit fd96feb
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/packages/shopify-api/lib/auth/oauth/oauth.ts b/packages/shopify-api/lib/auth/oauth/oauth.ts
@@ -94,9 +94,12 @@ export function begin(config: ConfigInterface): OAuthBegin {
 
     await cookies.setAndSign(STATE_COOKIE_NAME, state, {
       expires: new Date(Date.now() + 60000),
-      sameSite: 'lax',
-      secure: true,
+      // hack necessary due to browsers not setting cookies with sameSite=lax
+      // https://github.com/Shopify/shopify-api-js/pull/905
+      sameSite: 'none',
+      secure: true, // needs to be true, especially when sameSite=none
       path: callbackPath,
+      domain: config.cookieDomain || undefined,
     });
 
     const query = {