Embedded app not loading in incognito

Shopify / shopify_app

A Rails Engine for building Shopify Apps

MIT License

1.74k stars 683 forks source link

Embedded app not loading in incognito #1831

Closed sudharshan-tagalys closed 1 month ago

sudharshan-tagalys commented 2 months ago

Shopify app version:

shopify_app version: 18.1.3
Ruby version: 2.6.0
Operating system: Ubuntu

Expected behavior

What do you think should happen?

The embedded app should load in the incognito browser too.

Actual behavior

What actually happens?

The embedded app fails to load in the incognito browser, with the following errors in the browser console. Please find the following screenshot:

On further debugging through the shopify_app gem code, looks like the session[:shop_id] is nil and shopify_app is rendering the "request_storage_access.html.erb" which includes the "request_storage_access.js" file. This JS file is trying to access the sessionStorage and causing the code to crash as the third-party cookies are disabled in the incognito.

Other information: ShopifyApp is configured to use allow_cookie_authentication and is set to true.

How can I resolve this issue?

sudharshan-tagalys commented 2 months ago

Update: I could able to figure out this issue is due to blocking of third party cookie in incognito. Also, I could see there's a allow_jwt_authentication option available. Is just allow_jwt_authentication setting to true is enough? I am not able to find much documentation on setting up JWT with shopify_app gem. Any doc links or instruction would be truly helpful.

lizkenyon commented 2 months ago

Hi there 👋

You will want to take a look at the upgrading to v.19.0.0 migration guide. And the related documentation in shopify-api-ruby. For the process of upgrading your application from cookies to session tokens.

sudharshan-tagalys commented 2 months ago

Hi, I can use shopify_app 18.1.3 gem and still be able to transition to use session tokens(using config.allow_jwt_authentication) right?

lizkenyon commented 2 months ago

Yes you should be able to use session tokens. Take a look at the documentation here

geoffrey-syncx commented 2 months ago

Hi @lizkenyon, in order for my app to work as embedded, what is the lowest shopify_app version required?

sle-c commented 2 months ago

I recommend upgrading to v19.0 for better JWT session token support.

github-actions[bot] commented 1 month ago

We are closing this issue because we did not hear back regarding additional details we needed to resolve this issue. If the issue persists and you are able to provide the missing clarification we need, feel free to respond and reopen this issue.

We appreciate your understanding as we try to manage our number of open issues.