shopify_app 18.0.0 → 18.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7da18fdd3924eb35146d7ca4dbd928567e377757d0f3cc11c72ef6aa732e1cec
-  data.tar.gz: 5e90219d351aab20f23e247c28d63626ecbd1a26f960157a2e91221940b09b5f
+  metadata.gz: 05a2dce084fe578139757483538102b6f57d1fc4ec6935ae8ce4d11df7a914cf
+  data.tar.gz: 789a109b204a143850cc0c7d3fe14c6d4519b94d89671d46ddb09101283ceb7a
 SHA512:
-  metadata.gz: f29dcc0b4504248d2811d9d61be42fa03f2a161eb16f79dde1b044db71e6f2697847dabb80563cb1cd21cdcc3979b1eb147d6ff07e4a51baad571a8830ed4969
-  data.tar.gz: a2138081a6942f4418cf3efb72f63ed61a3de162686c2e3d1b9316ed7f292c0adf8fa5e248b8a5396504096d561248427de32a36b87d1f84bb6901fd9efca661
+  metadata.gz: 2cee778a503dc5652623f9b2d6e82b9844dff44840d77b57e8ecc4051bb7b3dd1707ba35cc2df93f348006da29251290b82c32988499f0e864d65d0d868bf00e
+  data.tar.gz: 6ff6e53fb49335ee6e151ce8d21d2b7bd66b8f9267b9ed03ef589282bc9db2e5e9a3c17e4d2dfcec6fca5cc7fe59676d28dc4762254b6dfab356f2bcc9c47ec4

data/CHANGELOG.md

@@ -1,5 +1,6 @@
-Unreleased
+18.0.1 (May 7, 2021)
 ----------
+* Fix bug causing OAuth flow to fail due to CSP violation. [#1265](https://github.com/Shopify/shopify_app/pull/1265)
 
 18.0.0 (May 3, 2021)
 ----------

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shopify_app (18.0.0)
+    shopify_app (18.0.1)
       browser_sniffer (~> 1.2.2)
       jwt (>= 2.2.3)
       omniauth-rails_csrf_protection

data/app/assets/javascripts/shopify_app/post_redirect.js

@@ -0,0 +1,9 @@
+(function() {
+  function redirect() {
+    var form = document.getElementById("redirect-form");
+    if (form) {
+      form.submit();
+    }
+  }
+  document.addEventListener("DOMContentLoaded", redirect);
+})();

data/app/views/shopify_app/shared/post_redirect_to_auth_shopify.html.erb

@@ -5,15 +5,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1" />
   <base target="_top">
   <title>Redirecting…</title>
-  <script>
-    function redirect() {
-      var form = document.getElementById("redirect-form");
-      if (form) {
-        form.submit();
-      }
-    }
-    document.addEventListener("DOMContentLoaded", redirect);
-  </script>
+  <%= javascript_include_tag('shopify_app/post_redirect', crossorigin: 'anonymous', integrity: true) %>
 </head>
 <body>
   <%= form_tag '/auth/shopify', id: 'redirect-form' %>

data/docs/Troubleshooting.md

@@ -11,6 +11,7 @@
 [App installation](#app-installation)
   * [My app won't install](#my-app-wont-install)
   * [My app keeps redirecting to login](#my-app-keeps-redirecting-to-login)
+  * [My app returns 401 during oauth](#my-app-returns-401-during-oauth)
 
 [JWT session tokens](#jwt-session-tokens)
   * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
@@ -67,6 +68,10 @@ Alternatively, you can upgrade to [`v17.2.0` of the shopify_app gem](/docs/Upgra
 
 This issue can occur when the session (the model you set as `ShopifyApp::SessionRepository.storage`) isn't deleted when the user uninstalls your app. A possible fix for this is listening to the `app/uninstalled` webhook and deleting the corresponding session in the webhook handler.
 
+### My app returns 401 during oauth
+
+If your local dev env uses the `cookie_store` session storage strategy, you may encounter 401 errors during oauth due to a race condition between asset requests and `/auth/shopify`. You should be able to work around for local testing by using a different browser or session storage strategy.  [Read more about the status of this issue](https://github.com/Shopify/shopify_app/issues/1269).
+
 ## JWT session tokens
 
 ### My app is still using cookies to authenticate

data/lib/shopify_app/engine.rb

@@ -17,6 +17,7 @@ module ShopifyApp
     initializer "shopify_app.assets.precompile" do |app|
       app.config.assets.precompile += %w[
         shopify_app/redirect.js
+        shopify_app/post_redirect.js
         shopify_app/top_level.js
         shopify_app/enable_cookies.js
         shopify_app/request_storage_access.js

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '18.0.0'
+  VERSION = '18.0.1'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "18.0.0",
+  "version": "18.0.1",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/service.yml

@@ -1,4 +1,4 @@
 audience: partner
 classification: library
 slack_channels:
-- core-build-extend
+- shopify_app_gem

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 18.0.0
+  version: 18.0.1
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-03 00:00:00.000000000 Z
+date: 2021-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -286,6 +286,7 @@ files:
 - app/assets/javascripts/shopify_app/enable_cookies.js
 - app/assets/javascripts/shopify_app/itp_helper.js
 - app/assets/javascripts/shopify_app/partition_cookies.js
+- app/assets/javascripts/shopify_app/post_redirect.js
 - app/assets/javascripts/shopify_app/redirect.js
 - app/assets/javascripts/shopify_app/request_storage_access.js
 - app/assets/javascripts/shopify_app/storage_access.js