Remove usage of samesite=none for cookies - Githubissues

Shopify / koa-shopify-auth

DEPRECATED Middleware to authenticate a Koa application with Shopify

MIT License

80 stars 63 forks source link

Remove usage of samesite=none for cookies #83

Closed thecodepixi closed 3 years ago

thecodepixi commented 3 years ago

WHY are these changes introduced?

Fixes #81

The top level oauth cookie was set to samesite=none causing it to be treated as a 3rd party cookie during app review.

WHAT is this pull request doing?

Removes all usage of samesite=none behavior for cookies.

Type of change

[ ] Patch: Bug (non-breaking change which fixes an issue)
[x] Minor: New feature (non-breaking change which adds functionality)
[ ] Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

[x] I have added a changelog entry, prefixed by the type of change noted above
[x] I have added/updated tests for this change