shopify_app 12.0.0 → 12.0.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/app/assets/javascripts/shopify_app/itp_helper.js +6 -6
- data/app/assets/javascripts/shopify_app/storage_access.js +35 -6
- data/app/controllers/shopify_app/sessions_controller.rb +8 -6
- data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
- data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
- data/config/locales/pt-BR.yml +1 -1
- data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +1 -5
- data/lib/shopify_app/configuration.rb +1 -1
- data/lib/shopify_app/controller_concerns/login_protection.rb +4 -2
- data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +5 -5
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +2 -2
- metadata +2 -2
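--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e21696bedf0e9066e0363ffa54535563d57b04990c4fd8c39f61b24c9e7dd5a5
+data.tar.gz: 0557a4eb040fe7dcc68b576ab90237902c4ec2a7e60f5352607a1753a2dc4d7b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4adc7c54f7662d8c4427012de16b9aa2bafd3c984ea4bf13d77c36722035f32ed3fe9a00b7d45c4dacad24a4d99d2b3939defcc7a0eeaea99efeed3be2f771a2
+data.tar.gz: 2ae0baab7a365863bfc0530a4264b6397f59d447db24ba59fda93f455b44582fd432c2525fc064285b7c314f5bcbd6883568e2cd28460922911d14f340834228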
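--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+12.0.1
+------
+* disable samesite cookie middleware in tests
+* middleware compatibility for ruby 2.3
+* samesite cookie fixes for javascript libraries
+* change generators to add AppBridge instead of EASDK
+* Fix for return_to in safari after enable_cookies/granted_storage_access
+
 12.0.0
 -----
 * Updating shopify_api gem to 9.0.0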
|
@@ -4,31 +4,31 @@
|
|
|
4
4
|
this.itpAction = document.getElementById('TopLevelInteractionButton');
|
|
5
5
|
this.redirectUrl = opts.redirectUrl;
|
|
6
6
|
}
|
|
7
|
-
|
|
7
|
+
|
|
8
8
|
ITPHelper.prototype.redirect = function() {
|
|
9
9
|
sessionStorage.setItem('shopify.top_level_interaction', true);
|
|
10
10
|
window.location.href = this.redirectUrl;
|
|
11
11
|
}
|
|
12
|
-
|
|
12
|
+
|
|
13
13
|
ITPHelper.prototype.userAgentIsAffected = function() {
|
|
14
14
|
return Boolean(document.hasStorageAccess);
|
|
15
15
|
}
|
|
16
|
-
|
|
16
|
+
|
|
17
17
|
ITPHelper.prototype.canPartitionCookies = function() {
|
|
18
18
|
var versionRegEx = /Version\/12\.0\.?\d? Safari/;
|
|
19
19
|
return versionRegEx.test(navigator.userAgent);
|
|
20
20
|
}
|
|
21
|
-
|
|
21
|
+
|
|
22
22
|
ITPHelper.prototype.setUpContent = function(onClick) {
|
|
23
23
|
this.itpContent.style.display = 'block';
|
|
24
24
|
this.itpAction.addEventListener('click', this.redirect.bind(this));
|
|
25
25
|
}
|
|
26
|
-
|
|
26
|
+
|
|
27
27
|
ITPHelper.prototype.execute = function() {
|
|
28
28
|
if (!this.itpContent) {
|
|
29
29
|
return;
|
|
30
30
|
}
|
|
31
|
-
|
|
31
|
+
|
|
32
32
|
if (this.userAgentIsAffected()) {
|
|
33
33
|
this.setUpContent();
|
|
34
34
|
} else {
|
|
@@ -28,18 +28,47 @@
|
|
|
28
28
|
window.parent.location.href = this.redirectData.myshopifyUrl + '/admin/apps';
|
|
29
29
|
}
|
|
30
30
|
|
|
31
|
-
StorageAccessHelper.prototype.
|
|
32
|
-
window.location.href = this.redirectData.
|
|
31
|
+
StorageAccessHelper.prototype.redirectToAppTargetUrl = function() {
|
|
32
|
+
window.location.href = this.redirectData.appTargetUrl;
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
StorageAccessHelper.prototype.sameSiteNoneIncompatible = function(ua) {
|
|
36
|
+
return ua.includes("iPhone OS 12_") || ua.includes("iPad; CPU OS 12_") || //iOS 12
|
|
37
|
+
(ua.includes("UCBrowser/")
|
|
38
|
+
? this.isOlderUcBrowser(ua) //UC Browser < 12.13.2
|
|
39
|
+
: (ua.includes("Chrome/5") || ua.includes("Chrome/6"))) ||
|
|
40
|
+
ua.includes("Chromium/5") || ua.includes("Chromium/6") ||
|
|
41
|
+
(ua.includes(" OS X 10_14_") &&
|
|
42
|
+
((ua.includes("Version/") && ua.includes("Safari")) || //Safari on MacOS 10.14
|
|
43
|
+
ua.endsWith("(KHTML, like Gecko)"))); //Web view on MacOS 10.14
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
StorageAccessHelper.prototype.isOlderUcBrowser = function(ua) {
|
|
47
|
+
var match = ua.match(/UCBrowser\/(\d+)\.(\d+)\.(\d+)\./);
|
|
48
|
+
if (!match) return false;
|
|
49
|
+
var major = parseInt(match[1]);
|
|
50
|
+
var minor = parseInt(match[2]);
|
|
51
|
+
var build = parseInt(match[3]);
|
|
52
|
+
if (major != 12) return major < 12;
|
|
53
|
+
if (minor != 13) return minor < 13;
|
|
54
|
+
return build < 2;
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
StorageAccessHelper.prototype.setCookie = function(value) {
|
|
58
|
+
if(!this.sameSiteNoneIncompatible(navigator.userAgent)) {
|
|
59
|
+
value += '; secure; SameSite=None'
|
|
60
|
+
}
|
|
61
|
+
document.cookie = value;
|
|
33
62
|
}
|
|
34
63
|
|
|
35
64
|
StorageAccessHelper.prototype.grantedStorageAccess = function() {
|
|
36
65
|
try {
|
|
37
66
|
sessionStorage.setItem('shopify.granted_storage_access', true);
|
|
38
|
-
|
|
67
|
+
this.setCookie('shopify.granted_storage_access=true');
|
|
39
68
|
if (!document.cookie) {
|
|
40
69
|
throw 'Cannot set third-party cookie.'
|
|
41
70
|
}
|
|
42
|
-
this.
|
|
71
|
+
this.redirectToAppTargetUrl();
|
|
43
72
|
} catch (error) {
|
|
44
73
|
console.warn('Third party cookies may be blocked.', error);
|
|
45
74
|
this.redirectToAppTLD(ACCESS_DENIED_STATUS);
|
|
@@ -61,7 +90,7 @@
|
|
|
61
90
|
StorageAccessHelper.prototype.handleHasStorageAccess = function() {
|
|
62
91
|
if (sessionStorage.getItem('shopify.granted_storage_access')) {
|
|
63
92
|
// If app was classified by ITP and used Storage Access API to acquire access
|
|
64
|
-
this.
|
|
93
|
+
this.redirectToAppTargetUrl();
|
|
65
94
|
} else {
|
|
66
95
|
// If app has not been classified by ITP and still has storage access
|
|
67
96
|
this.redirectToAppTLD(ACCESS_GRANTED_STATUS);
|
|
@@ -107,7 +136,7 @@
|
|
|
107
136
|
}
|
|
108
137
|
|
|
109
138
|
StorageAccessHelper.prototype.setCookieAndRedirect = function() {
|
|
110
|
-
|
|
139
|
+
this.setCookie('shopify.cookies_persist=true');
|
|
111
140
|
var helper = this.setUpHelper();
|
|
112
141
|
helper.redirect();
|
|
113
142
|
}
|
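Review bot: `redirectToAppTargetUrl` assigns `this.redirectData.appTargetUrl` straight to `window.location.href`, and the controller hunks further down this page fill that value from `params[:return_to]` or `session[:return_to]` with no validation visible in between. Unless `return_to` is restricted somewhere outside this diff, a crafted link could steer the post-grant navigation to another origin or to a non-HTTP scheme. If `return_to` is only ever meant to be an in-app path, I would resolve and check it before navigating, with `var target = new URL(this.redirectData.appTargetUrl, window.location.origin);` followed by `if (target.origin === window.location.origin) { window.location.href = target.href; }`, and enforce the same rule where the value is built server-side. The login-URL hunk that adds `return_to = session[:return_to] || params[:return_to]` forwards the same request parameter and deserves the same check.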
|
@@ -20,11 +20,12 @@ module ShopifyApp
|
|
|
20
20
|
|
|
21
21
|
render(:enable_cookies, layout: false, locals: {
|
|
22
22
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
23
|
-
shop: sanitized_shop_name
|
|
23
|
+
shop: sanitized_shop_name,
|
|
24
|
+
return_to: params[:return_to]
|
|
24
25
|
),
|
|
25
26
|
has_storage_access_url: login_url_with_optional_shop(top_level: true),
|
|
26
|
-
|
|
27
|
-
current_shopify_domain: current_shopify_domain
|
|
27
|
+
app_target_url: params[:return_to] || granted_storage_access_path(shop: sanitized_shop_name),
|
|
28
|
+
current_shopify_domain: current_shopify_domain
|
|
28
29
|
})
|
|
29
30
|
end
|
|
30
31
|
|
|
@@ -133,11 +134,12 @@ module ShopifyApp
|
|
|
133
134
|
layout: false,
|
|
134
135
|
locals: {
|
|
135
136
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
136
|
-
shop: sanitized_shop_name
|
|
137
|
+
shop: sanitized_shop_name,
|
|
138
|
+
return_to: session[:return_to]
|
|
137
139
|
),
|
|
138
140
|
has_storage_access_url: login_url_with_optional_shop(top_level: true),
|
|
139
|
-
|
|
140
|
-
current_shopify_domain: current_shopify_domain
|
|
141
|
+
app_target_url: session[:return_to] || granted_storage_access_path(shop: sanitized_shop_name),
|
|
142
|
+
current_shopify_domain: current_shopify_domain
|
|
141
143
|
}
|
|
142
144
|
)
|
|
143
145
|
end
|
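Review bot: `params[:return_to] || granted_storage_access_path(shop: sanitized_shop_name)` only falls back when the parameter is absent, because an empty string is truthy in Ruby, so a request carrying a blank `return_to=` hands the page an empty `app_target_url` instead of the default path. The second hunk has the same shape with `session[:return_to]`. I would write `app_target_url: params[:return_to].presence || granted_storage_access_path(shop: sanitized_shop_name),` here and the `session[:return_to].presence` equivalent below, which lines up with the `return_to.present?` guard added in the login-URL hunk on this page. Both enclosing methods start outside the hunks shown.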
|
@@ -32,7 +32,7 @@
|
|
|
32
32
|
myshopifyUrl: "https://#{current_shopify_domain}",
|
|
33
33
|
hasStorageAccessUrl: "#{has_storage_access_url}",
|
|
34
34
|
doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
|
|
35
|
-
|
|
35
|
+
appTargetUrl: "#{app_target_url}"
|
|
36
36
|
},
|
|
37
37
|
},
|
|
38
38
|
)
|
|
@@ -24,7 +24,7 @@
|
|
|
24
24
|
myshopifyUrl: "https://#{current_shopify_domain}",
|
|
25
25
|
hasStorageAccessUrl: "#{has_storage_access_url}",
|
|
26
26
|
doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
|
|
27
|
-
|
|
27
|
+
appTargetUrl: "#{app_target_url}"
|
|
28
28
|
},
|
|
29
29
|
},
|
|
30
30
|
)
|
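--- a/data/config/locales/pt-BR.yml
+++ b/data/config/locales/pt-BR.yml
@@ -4,7 +4,7 @@ pt-BR:
 could_not_log_in: Não foi possível fazer login na Shopify store
 invalid_shop_url: Domínio de loja inválido
 enable_cookies_heading: Habilitar cookies de %{app}
-enable_cookies_body: Você
+enable_cookies_body: Você precisa habilitar manualmente os cookies neste navegador
 para usar %{app} dentro da Shopify.
 enable_cookies_footer: Os cookies permitem que o app o autentique armazenando temporariamente
 suas preferências e dados pessoais. Eles expiram depois de 30 dias.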
|
@@ -3,11 +3,7 @@
|
|
|
3
3
|
class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
|
|
4
4
|
def preload_form_data
|
|
5
5
|
preload_data = {
|
|
6
|
-
"form_data": {
|
|
7
|
-
"budget": {
|
|
8
|
-
"currency": "USD",
|
|
9
|
-
}
|
|
10
|
-
}
|
|
6
|
+
"form_data": {}
|
|
11
7
|
}
|
|
12
8
|
render(json: preload_data, status: :ok)
|
|
13
9
|
end
|
|
@@ -100,8 +100,10 @@ module ShopifyApp
|
|
|
100
100
|
query_params = {}
|
|
101
101
|
query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
|
|
102
102
|
|
|
103
|
-
|
|
104
|
-
|
|
103
|
+
return_to = session[:return_to] || params[:return_to]
|
|
104
|
+
|
|
105
|
+
if return_to.present? && return_to_param_required?
|
|
106
|
+
query_params[:return_to] = return_to
|
|
105
107
|
end
|
|
106
108
|
|
|
107
109
|
has_referer_shop_name = referer_sanitized_shop_name.present?
|
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
|
16
16
|
|
|
17
17
|
cookies.each do |cookie|
|
|
18
18
|
unless cookie.include?("; SameSite")
|
|
19
|
-
headers['Set-Cookie'] = headers['Set-Cookie'].gsub(
|
|
19
|
+
headers['Set-Cookie'] = headers['Set-Cookie'].gsub(cookie, "#{cookie}; secure; SameSite=None")
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
end
|
|
@@ -31,8 +31,8 @@ module ShopifyApp
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def self.webkit_same_site_bug?(sniffer)
|
|
34
|
-
(sniffer.os == :ios && sniffer.os_version.match
|
|
35
|
-
(sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match
|
|
34
|
+
(sniffer.os == :ios && sniffer.os_version.match(/^([0-9]|1[12])[\.\_]/)) ||
|
|
35
|
+
(sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match(/^10[\.\_]14/))
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
def self.drops_unrecognized_same_site_cookies?(sniffer)
|
|
@@ -41,11 +41,11 @@ module ShopifyApp
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def self.chromium_based?(sniffer)
|
|
44
|
-
sniffer.browser_name.downcase.match
|
|
44
|
+
sniffer.browser_name.downcase.match(/chrom(e|ium)/)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def self.uc_browser?(sniffer)
|
|
48
|
-
sniffer.user_agent.downcase.match
|
|
48
|
+
sniffer.user_agent.downcase.match(/uc\s?browser/)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
|
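Review bot: `headers['Set-Cookie'].gsub(cookie, "#{cookie}; secure; SameSite=None")` in the first hunk replaces every occurrence of the cookie text in the whole header, so when one cookie string is a prefix of another (constructed example: `a=1` and `a=10`) the attributes are spliced into the middle of the longer cookie. Rebuilding the header per cookie avoids that: `headers['Set-Cookie'] = cookies.map { |c| c.include?("; SameSite") ? c : "#{c}; secure; SameSite=None" }.join("\n")`, assuming `cookies` is the newline-split header, which is not visible in this hunk. The `include?("; SameSite")` test is also case-sensitive, so a cookie that already carries a lower-case `; samesite=lax` would receive a second, conflicting attribute. Separately, `/^([0-9]|1[12])[\.\_]/` in `webkit_same_site_bug?` matches iOS 0–9, 11 and 12 but not 10; `1[0-2]` closes the gap if that omission is unintended.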
data/lib/shopify_app/version.rb
CHANGED
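--- a/data/package.json
+++ b/data/package.json
@@ -1,5 +1,6 @@
 {
 "name": "shopify_app",
+"version": "12.0.1",
 "repository": "git@github.com:Shopify/shopify_app.git",
 "author": "Shopify",
 "license": "MIT",
@@ -23,6 +24,5 @@
 },
 "scripts": {
 "test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"
-}
-"version": "12.0.0"
+}
 }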
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 12.0.
|
|
4
|
+
version: 12.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-02-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: browser_sniffer
|