From fd96feb1b88e237172e04a4d16d6d8b3607c5e85 Mon Sep 17 00:00:00 2001
From: Ryan Ray <ryan@shelfspace.me>
Date: Sun, 28 Jan 2024 10:51:29 -0700
Subject: [PATCH] fix: problem with custom app install not passing the cookies
 due to sameSite=lax.

See this PR for other people who have ran into this issue
https://github.com/Shopify/shopify-api-js/pull/905
---
 packages/shopify-api/lib/auth/oauth/oauth.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/packages/shopify-api/lib/auth/oauth/oauth.ts b/packages/shopify-api/lib/auth/oauth/oauth.ts
index 0acf02192..db6f912b7 100644
--- a/packages/shopify-api/lib/auth/oauth/oauth.ts
+++ b/packages/shopify-api/lib/auth/oauth/oauth.ts
@@ -94,9 +94,12 @@ export function begin(config: ConfigInterface): OAuthBegin {
 
     await cookies.setAndSign(STATE_COOKIE_NAME, state, {
       expires: new Date(Date.now() + 60000),
-      sameSite: 'lax',
-      secure: true,
+      // hack necessary due to browsers not setting cookies with sameSite=lax
+      // https://github.com/Shopify/shopify-api-js/pull/905
+      sameSite: 'none',
+      secure: true, // needs to be true, especially when sameSite=none
       path: callbackPath,
+      domain: config.cookieDomain || undefined,
     });
 
     const query = {