shopify_app 12.0.0 → 12.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/app/assets/javascripts/shopify_app/itp_helper.js +6 -6
- data/app/assets/javascripts/shopify_app/storage_access.js +35 -6
- data/app/controllers/shopify_app/sessions_controller.rb +8 -6
- data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
- data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
- data/config/locales/pt-BR.yml +1 -1
- data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +1 -5
- data/lib/shopify_app/configuration.rb +1 -1
- data/lib/shopify_app/controller_concerns/login_protection.rb +4 -2
- data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +5 -5
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e21696bedf0e9066e0363ffa54535563d57b04990c4fd8c39f61b24c9e7dd5a5
|
|
4
|
+
data.tar.gz: 0557a4eb040fe7dcc68b576ab90237902c4ec2a7e60f5352607a1753a2dc4d7b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4adc7c54f7662d8c4427012de16b9aa2bafd3c984ea4bf13d77c36722035f32ed3fe9a00b7d45c4dacad24a4d99d2b3939defcc7a0eeaea99efeed3be2f771a2
|
|
7
|
+
data.tar.gz: 2ae0baab7a365863bfc0530a4264b6397f59d447db24ba59fda93f455b44582fd432c2525fc064285b7c314f5bcbd6883568e2cd28460922911d14f340834228
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
12.0.1
|
|
2
|
+
------
|
|
3
|
+
* disable samesite cookie middleware in tests
|
|
4
|
+
* middleware compatibility for ruby 2.3
|
|
5
|
+
* samesite cookie fixes for javascript libraries
|
|
6
|
+
* change generators to add AppBridge instead of EASDK
|
|
7
|
+
* Fix for return_to in safari after enable_cookies/granted_storage_access
|
|
8
|
+
|
|
1
9
|
12.0.0
|
|
2
10
|
-----
|
|
3
11
|
* Updating shopify_api gem to 9.0.0
|
|
@@ -4,31 +4,31 @@
|
|
|
4
4
|
this.itpAction = document.getElementById('TopLevelInteractionButton');
|
|
5
5
|
this.redirectUrl = opts.redirectUrl;
|
|
6
6
|
}
|
|
7
|
-
|
|
7
|
+
|
|
8
8
|
ITPHelper.prototype.redirect = function() {
|
|
9
9
|
sessionStorage.setItem('shopify.top_level_interaction', true);
|
|
10
10
|
window.location.href = this.redirectUrl;
|
|
11
11
|
}
|
|
12
|
-
|
|
12
|
+
|
|
13
13
|
ITPHelper.prototype.userAgentIsAffected = function() {
|
|
14
14
|
return Boolean(document.hasStorageAccess);
|
|
15
15
|
}
|
|
16
|
-
|
|
16
|
+
|
|
17
17
|
ITPHelper.prototype.canPartitionCookies = function() {
|
|
18
18
|
var versionRegEx = /Version\/12\.0\.?\d? Safari/;
|
|
19
19
|
return versionRegEx.test(navigator.userAgent);
|
|
20
20
|
}
|
|
21
|
-
|
|
21
|
+
|
|
22
22
|
ITPHelper.prototype.setUpContent = function(onClick) {
|
|
23
23
|
this.itpContent.style.display = 'block';
|
|
24
24
|
this.itpAction.addEventListener('click', this.redirect.bind(this));
|
|
25
25
|
}
|
|
26
|
-
|
|
26
|
+
|
|
27
27
|
ITPHelper.prototype.execute = function() {
|
|
28
28
|
if (!this.itpContent) {
|
|
29
29
|
return;
|
|
30
30
|
}
|
|
31
|
-
|
|
31
|
+
|
|
32
32
|
if (this.userAgentIsAffected()) {
|
|
33
33
|
this.setUpContent();
|
|
34
34
|
} else {
|
|
@@ -28,18 +28,47 @@
|
|
|
28
28
|
window.parent.location.href = this.redirectData.myshopifyUrl + '/admin/apps';
|
|
29
29
|
}
|
|
30
30
|
|
|
31
|
-
StorageAccessHelper.prototype.
|
|
32
|
-
window.location.href = this.redirectData.
|
|
31
|
+
StorageAccessHelper.prototype.redirectToAppTargetUrl = function() {
|
|
32
|
+
window.location.href = this.redirectData.appTargetUrl;
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
StorageAccessHelper.prototype.sameSiteNoneIncompatible = function(ua) {
|
|
36
|
+
return ua.includes("iPhone OS 12_") || ua.includes("iPad; CPU OS 12_") || //iOS 12
|
|
37
|
+
(ua.includes("UCBrowser/")
|
|
38
|
+
? this.isOlderUcBrowser(ua) //UC Browser < 12.13.2
|
|
39
|
+
: (ua.includes("Chrome/5") || ua.includes("Chrome/6"))) ||
|
|
40
|
+
ua.includes("Chromium/5") || ua.includes("Chromium/6") ||
|
|
41
|
+
(ua.includes(" OS X 10_14_") &&
|
|
42
|
+
((ua.includes("Version/") && ua.includes("Safari")) || //Safari on MacOS 10.14
|
|
43
|
+
ua.endsWith("(KHTML, like Gecko)"))); //Web view on MacOS 10.14
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
StorageAccessHelper.prototype.isOlderUcBrowser = function(ua) {
|
|
47
|
+
var match = ua.match(/UCBrowser\/(\d+)\.(\d+)\.(\d+)\./);
|
|
48
|
+
if (!match) return false;
|
|
49
|
+
var major = parseInt(match[1]);
|
|
50
|
+
var minor = parseInt(match[2]);
|
|
51
|
+
var build = parseInt(match[3]);
|
|
52
|
+
if (major != 12) return major < 12;
|
|
53
|
+
if (minor != 13) return minor < 13;
|
|
54
|
+
return build < 2;
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
StorageAccessHelper.prototype.setCookie = function(value) {
|
|
58
|
+
if(!this.sameSiteNoneIncompatible(navigator.userAgent)) {
|
|
59
|
+
value += '; secure; SameSite=None'
|
|
60
|
+
}
|
|
61
|
+
document.cookie = value;
|
|
33
62
|
}
|
|
34
63
|
|
|
35
64
|
StorageAccessHelper.prototype.grantedStorageAccess = function() {
|
|
36
65
|
try {
|
|
37
66
|
sessionStorage.setItem('shopify.granted_storage_access', true);
|
|
38
|
-
|
|
67
|
+
this.setCookie('shopify.granted_storage_access=true');
|
|
39
68
|
if (!document.cookie) {
|
|
40
69
|
throw 'Cannot set third-party cookie.'
|
|
41
70
|
}
|
|
42
|
-
this.
|
|
71
|
+
this.redirectToAppTargetUrl();
|
|
43
72
|
} catch (error) {
|
|
44
73
|
console.warn('Third party cookies may be blocked.', error);
|
|
45
74
|
this.redirectToAppTLD(ACCESS_DENIED_STATUS);
|
|
@@ -61,7 +90,7 @@
|
|
|
61
90
|
StorageAccessHelper.prototype.handleHasStorageAccess = function() {
|
|
62
91
|
if (sessionStorage.getItem('shopify.granted_storage_access')) {
|
|
63
92
|
// If app was classified by ITP and used Storage Access API to acquire access
|
|
64
|
-
this.
|
|
93
|
+
this.redirectToAppTargetUrl();
|
|
65
94
|
} else {
|
|
66
95
|
// If app has not been classified by ITP and still has storage access
|
|
67
96
|
this.redirectToAppTLD(ACCESS_GRANTED_STATUS);
|
|
@@ -107,7 +136,7 @@
|
|
|
107
136
|
}
|
|
108
137
|
|
|
109
138
|
StorageAccessHelper.prototype.setCookieAndRedirect = function() {
|
|
110
|
-
|
|
139
|
+
this.setCookie('shopify.cookies_persist=true');
|
|
111
140
|
var helper = this.setUpHelper();
|
|
112
141
|
helper.redirect();
|
|
113
142
|
}
|
|
@@ -20,11 +20,12 @@ module ShopifyApp
|
|
|
20
20
|
|
|
21
21
|
render(:enable_cookies, layout: false, locals: {
|
|
22
22
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
23
|
-
shop: sanitized_shop_name
|
|
23
|
+
shop: sanitized_shop_name,
|
|
24
|
+
return_to: params[:return_to]
|
|
24
25
|
),
|
|
25
26
|
has_storage_access_url: login_url_with_optional_shop(top_level: true),
|
|
26
|
-
|
|
27
|
-
current_shopify_domain: current_shopify_domain
|
|
27
|
+
app_target_url: params[:return_to] || granted_storage_access_path(shop: sanitized_shop_name),
|
|
28
|
+
current_shopify_domain: current_shopify_domain
|
|
28
29
|
})
|
|
29
30
|
end
|
|
30
31
|
|
|
@@ -133,11 +134,12 @@ module ShopifyApp
|
|
|
133
134
|
layout: false,
|
|
134
135
|
locals: {
|
|
135
136
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
136
|
-
shop: sanitized_shop_name
|
|
137
|
+
shop: sanitized_shop_name,
|
|
138
|
+
return_to: session[:return_to]
|
|
137
139
|
),
|
|
138
140
|
has_storage_access_url: login_url_with_optional_shop(top_level: true),
|
|
139
|
-
|
|
140
|
-
current_shopify_domain: current_shopify_domain
|
|
141
|
+
app_target_url: session[:return_to] || granted_storage_access_path(shop: sanitized_shop_name),
|
|
142
|
+
current_shopify_domain: current_shopify_domain
|
|
141
143
|
}
|
|
142
144
|
)
|
|
143
145
|
end
|
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
myshopifyUrl: "https://#{current_shopify_domain}",
|
|
33
33
|
hasStorageAccessUrl: "#{has_storage_access_url}",
|
|
34
34
|
doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
|
|
35
|
-
|
|
35
|
+
appTargetUrl: "#{app_target_url}"
|
|
36
36
|
},
|
|
37
37
|
},
|
|
38
38
|
)
|
|
@@ -24,7 +24,7 @@
|
|
|
24
24
|
myshopifyUrl: "https://#{current_shopify_domain}",
|
|
25
25
|
hasStorageAccessUrl: "#{has_storage_access_url}",
|
|
26
26
|
doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
|
|
27
|
-
|
|
27
|
+
appTargetUrl: "#{app_target_url}"
|
|
28
28
|
},
|
|
29
29
|
},
|
|
30
30
|
)
|
data/config/locales/pt-BR.yml
CHANGED
|
@@ -4,7 +4,7 @@ pt-BR:
|
|
|
4
4
|
could_not_log_in: Não foi possível fazer login na Shopify store
|
|
5
5
|
invalid_shop_url: Domínio de loja inválido
|
|
6
6
|
enable_cookies_heading: Habilitar cookies de %{app}
|
|
7
|
-
enable_cookies_body: Você
|
|
7
|
+
enable_cookies_body: Você precisa habilitar manualmente os cookies neste navegador
|
|
8
8
|
para usar %{app} dentro da Shopify.
|
|
9
9
|
enable_cookies_footer: Os cookies permitem que o app o autentique armazenando temporariamente
|
|
10
10
|
suas preferências e dados pessoais. Eles expiram depois de 30 dias.
|
|
@@ -3,11 +3,7 @@
|
|
|
3
3
|
class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
|
|
4
4
|
def preload_form_data
|
|
5
5
|
preload_data = {
|
|
6
|
-
"form_data": {
|
|
7
|
-
"budget": {
|
|
8
|
-
"currency": "USD",
|
|
9
|
-
}
|
|
10
|
-
}
|
|
6
|
+
"form_data": {}
|
|
11
7
|
}
|
|
12
8
|
render(json: preload_data, status: :ok)
|
|
13
9
|
end
|
|
@@ -100,8 +100,10 @@ module ShopifyApp
|
|
|
100
100
|
query_params = {}
|
|
101
101
|
query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
|
|
102
102
|
|
|
103
|
-
|
|
104
|
-
|
|
103
|
+
return_to = session[:return_to] || params[:return_to]
|
|
104
|
+
|
|
105
|
+
if return_to.present? && return_to_param_required?
|
|
106
|
+
query_params[:return_to] = return_to
|
|
105
107
|
end
|
|
106
108
|
|
|
107
109
|
has_referer_shop_name = referer_sanitized_shop_name.present?
|
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
|
16
16
|
|
|
17
17
|
cookies.each do |cookie|
|
|
18
18
|
unless cookie.include?("; SameSite")
|
|
19
|
-
headers['Set-Cookie'] = headers['Set-Cookie'].gsub(
|
|
19
|
+
headers['Set-Cookie'] = headers['Set-Cookie'].gsub(cookie, "#{cookie}; secure; SameSite=None")
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
end
|
|
@@ -31,8 +31,8 @@ module ShopifyApp
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def self.webkit_same_site_bug?(sniffer)
|
|
34
|
-
(sniffer.os == :ios && sniffer.os_version.match
|
|
35
|
-
(sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match
|
|
34
|
+
(sniffer.os == :ios && sniffer.os_version.match(/^([0-9]|1[12])[\.\_]/)) ||
|
|
35
|
+
(sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match(/^10[\.\_]14/))
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def self.drops_unrecognized_same_site_cookies?(sniffer)
|
|
@@ -41,11 +41,11 @@ module ShopifyApp
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def self.chromium_based?(sniffer)
|
|
44
|
-
sniffer.browser_name.downcase.match
|
|
44
|
+
sniffer.browser_name.downcase.match(/chrom(e|ium)/)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def self.uc_browser?(sniffer)
|
|
48
|
-
sniffer.user_agent.downcase.match
|
|
48
|
+
sniffer.user_agent.downcase.match(/uc\s?browser/)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
|
data/lib/shopify_app/version.rb
CHANGED
data/package.json
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "shopify_app",
|
|
3
|
+
"version": "12.0.1",
|
|
3
4
|
"repository": "git@github.com:Shopify/shopify_app.git",
|
|
4
5
|
"author": "Shopify",
|
|
5
6
|
"license": "MIT",
|
|
@@ -23,6 +24,5 @@
|
|
|
23
24
|
},
|
|
24
25
|
"scripts": {
|
|
25
26
|
"test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"
|
|
26
|
-
}
|
|
27
|
-
"version": "12.0.0"
|
|
27
|
+
}
|
|
28
28
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 12.0.
|
|
4
|
+
version: 12.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-02-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: browser_sniffer
|