@faststore/core 3.96.2 → 3.96.4-dev.0

package/.turbo/turbo-build.log

@@ -1,23 +1,23 @@
 
-> @faststore/core@3.96.1 prebuild /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 prebuild /home/runner/work/faststore/faststore/packages/core
 > na run partytown && na run generate
 
 
-> @faststore/core@3.96.1 partytown /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 partytown /home/runner/work/faststore/faststore/packages/core
 > partytown copylib ./public/~partytown
 
 Partytown lib copied to: /home/runner/work/faststore/faststore/packages/core/public/~partytown
 
-> @faststore/core@3.96.1 generate /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 generate /home/runner/work/faststore/faststore/packages/core
 > na run generate:schema && na run generate:codegen && na run format:generated
 
 
-> @faststore/core@3.96.1 generate:schema /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 generate:schema /home/runner/work/faststore/faststore/packages/core
 > tsx src/server/generator/generateGraphQLSchemaFile.ts
 
 Schema GraphQL file generated successfully
 
-> @faststore/core@3.96.1 generate:codegen /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 generate:codegen /home/runner/work/faststore/faststore/packages/core
 > graphql-codegen
 
 [STARTED] Parse Configuration
@@ -37,11 +37,11 @@ Running lifecycle hook "afterStart" scripts...
 [CLI] Loading Documents
 [CLI] Generating output
 
-> @faststore/core@3.96.1 format:generated /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 format:generated /home/runner/work/faststore/faststore/packages/core
 > prettier --write "@generated/**/*.{ts,js,tsx,jsx,json}" --loglevel error
 
 
-> @faststore/core@3.96.1 build /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 build /home/runner/work/faststore/faststore/packages/core
 > next build
 
 ⚠ No build cache found. Please configure build caching for faster rebuilds. Read more: https://nextjs.org/docs/messages/no-cache
@@ -80,8 +80,8 @@ Import trace for requested module:
    Collecting page data ...
    Generating static pages (0/6) ...
 
   Generating static pages (1/6) 
-
   Generating static pages (2/6) 
 Warning: Dynamic Content not found for the page: home. Refer to the Dynamic Content documentation at https://developers.vtex.com/docs/guides/faststore/dynamic-content-overview for mapping the page and the corresponding data-fetching function.
+
   Generating static pages (2/6) 
 
   Generating static pages (4/6) 
 
 ✓ Generating static pages (6/6) 
    Finalizing page optimization ...
@@ -91,39 +91,40 @@ Route (pages)                              Size     First Load JS
 ┌ ● /                                      7.39 kB         147 kB
 ├   └ css/02259c549b2179f2.css             3.1 kB
 ├   /_app                                  0 B             108 kB
-├ ● /[...slug]                             2.55 kB         157 kB
-├ ● /[slug]/p                              98.1 kB         237 kB
+├ ● /[...slug]                             2.55 kB         158 kB
+├ ● /[slug]/p                              98.1 kB         238 kB
 ├   └ css/a6a4ebbe01adbbad.css             22.2 kB
-├ ○ /404                                   1.57 kB         141 kB
-├ ● /500                                   1.57 kB         141 kB
+├ ○ /404                                   1.57 kB         142 kB
+├ ● /500                                   1.57 kB         142 kB
+├ λ /api/fs/logout                         0 B             108 kB
 ├ λ /api/graphql                           0 B             108 kB
 ├ λ /api/health/live                       0 B             108 kB
 ├ λ /api/health/ready                      0 B             108 kB
 ├ λ /api/preview                           0 B             108 kB
-├ ● /checkout                              749 B           140 kB
-├ ● /login                                 1.7 kB          141 kB
-├ λ /pvt/account                           247 B           108 kB
+├ ● /checkout                              749 B           141 kB
+├ ● /login                                 1.7 kB          142 kB
+├ λ /pvt/account                           247 B           109 kB
 ├ ● /pvt/account/[...unknown]              287 B           109 kB
-├ λ /pvt/account/403                       2.98 kB         142 kB
+├ λ /pvt/account/403                       2.98 kB         143 kB
 ├   └ css/0fae3d432331aae9.css             4.68 kB
 ├ λ /pvt/account/404                       2.18 kB         142 kB
 ├   └ css/0fc6b2ff69142c6a.css             4.74 kB
-├ λ /pvt/account/orders                    9.78 kB         149 kB
+├ λ /pvt/account/orders                    9.78 kB         150 kB
 ├   └ css/40a294d0a24ad01d.css             14.1 kB
-├ λ /pvt/account/orders/[id]               12.1 kB         151 kB
+├ λ /pvt/account/orders/[id]               12.1 kB         152 kB
 ├   └ css/5eecefd2c6deeee4.css             13.3 kB
-├ λ /pvt/account/profile                   1.98 kB         141 kB
+├ λ /pvt/account/profile                   1.98 kB         142 kB
 ├   └ css/47f1b4e8de15d314.css             4.42 kB
-├ λ /pvt/account/security                  3.96 kB         143 kB
+├ λ /pvt/account/security                  3.96 kB         144 kB
 ├   └ css/973dd40d4773e8cd.css             5.74 kB
-├ λ /pvt/account/user-details              1.91 kB         141 kB
+├ λ /pvt/account/user-details              1.91 kB         142 kB
 ├   └ css/05c399956ff24b77.css             4.54 kB
 └ ● /s                                     3.36 kB         158 kB
 + First Load JS shared by all              112 kB
   ├ chunks/framework-d514426edf885c68.js   45.4 kB
   ├ chunks/main-ec03882c4375091d.js        33.2 kB
-  ├ chunks/pages/_app-35b56c71ba4f9a54.js  25.8 kB
-  ├ chunks/webpack-237c97ab0eda7441.js     3.85 kB
+  ├ chunks/pages/_app-3898f7fdf2646553.js  25.8 kB
+  ├ chunks/webpack-5ac0858ff0030797.js     3.85 kB
   └ css/0f070d03aacd9cc5.css               3.57 kB
 
 λ  (Server)  server-side renders at runtime (uses getInitialProps or getServerSideProps)

package/.turbo/turbo-test.log

@@ -1,15 +1,17 @@
 
-> @faststore/core@3.96.1 test /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.3 test /home/runner/work/faststore/faststore/packages/core
 > jest
 
-PASS test/utils/multipleTemplates.test.ts (28.229 s)
-PASS test/utils/cookieCacheBusting.test.ts (26.786 s)
+PASS test/utils/multipleTemplates.test.ts (30.887 s)
+PASS test/utils/clearCookies.test.ts (31.406 s)
+PASS test/utils/cookieCacheBusting.test.ts
 PASS test/server/cms/global.test.ts
 PASS test/server/cms/index.test.ts
-PASS test/server/index.test.ts (31.53 s)
+PASS test/server/index.test.ts (36.367 s)
+A worker process has failed to exit gracefully and has been force exited. This is likely caused by tests leaking due to improper teardown. Try running with --detectOpenHandles to find leaks. Active timers can also cause this, ensure that .unref() was called on them.
 
-Test Suites: 5 passed, 5 total
-Tests:       27 passed, 27 total
+Test Suites: 6 passed, 6 total
+Tests:       47 passed, 47 total
 Snapshots:   0 total
-Time:        32.796 s
+Time:        37.886 s
 Ran all test suites.

package/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [3.96.4-dev.0](https://github.com/vtex/faststore/compare/v3.96.3...v3.96.4-dev.0) (2026-01-21)
+
+# 3.96.0-dev.22 (2026-01-21)
+
+**Note:** Version bump only for package @faststore/core
+
+## [3.96.3](https://github.com/vtex/faststore/compare/v3.96.2...v3.96.3) (2026-01-21)
+
+**Note:** Version bump only for package @faststore/core
+
 ## [3.96.2](https://github.com/vtex/faststore/compare/v3.96.1...v3.96.2) (2026-01-14)
 
 **Note:** Version bump only for package @faststore/core
@@ -17,6 +27,28 @@ See [Conventional Commits](https://conventionalcommits.org) for commit guideline
 
 - version 20251223 ([#3161](https://github.com/vtex/faststore/issues/3161)) ([ad5e8d1](https://github.com/vtex/faststore/commit/ad5e8d12fe45f1fb8e1134165172bf1c6b2a91e2))
 
+# 3.96.0-dev.22 (2026-01-21)
+
+**Note:** Version bump only for package @faststore/core
+
+# [3.96.0-dev.21](https://github.com/vtex/faststore/compare/v3.96.0-dev.20...v3.96.0-dev.21) (2026-01-08)
+
+### Bug Fixes
+
+- Prevent Partytown cross-origin errors in iframe environments ([#3155](https://github.com/vtex/faststore/issues/3155)) ([997252e](https://github.com/vtex/faststore/commit/997252e9a18807f4c26c350197d4f2d139de58f8))
+
+# [3.96.0-dev.20](https://github.com/vtex/faststore/compare/v3.96.0-dev.19...v3.96.0-dev.20) (2026-01-08)
+
+### Bug Fixes
+
+- Add slug field to landing page schema - CROC-185 ([#3166](https://github.com/vtex/faststore/issues/3166)) ([41b9878](https://github.com/vtex/faststore/commit/41b987825ee5ebb7d311eef33e2ca65034dc130d))
+
+# [3.96.0-dev.19](https://github.com/vtex/faststore/compare/v3.96.0-dev.18...v3.96.0-dev.19) (2026-01-08)
+
+### Features
+
+- logout clear storage ([#3163](https://github.com/vtex/faststore/issues/3163)) ([1fbacc3](https://github.com/vtex/faststore/commit/1fbacc3b3e32b4f83a2f56c1f97eb0f8ff843f61))
+
 # 3.96.0-dev.18 (2025-12-24)
 
 **Note:** Version bump only for package @faststore/core

package/cms/faststore/pages/cms_content_type__landingpage.jsonc

@@ -5,6 +5,12 @@
     "type": "object",
     "title": "Landing Page",
     "properties": {
+      "slug": {
+        "widget": {
+          "ui:widget": "slug"
+        },
+        "type": "string"
+      },
       "seo": {
         "title": "SEO",
         "description": "Search Engine Optimization options",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/core",
-  "version": "3.96.2",
+  "version": "3.96.4-dev.0",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -51,11 +51,11 @@
     "@envelop/graphql-jit": "^8.0.3",
     "@envelop/parser-cache": "^6.0.2",
     "@envelop/validation-cache": "^6.0.2",
-    "@faststore/api": "3.96.2",
-    "@faststore/graphql-utils": "^3.96.0",
-    "@faststore/lighthouse": "3.96.0",
-    "@faststore/sdk": "3.96.0",
-    "@faststore/ui": "3.96.0",
+    "@faststore/api": "3.96.4-dev.0",
+    "@faststore/graphql-utils": "^3.96.4-dev.0",
+    "@faststore/lighthouse": "3.96.4-dev.0",
+    "@faststore/sdk": "3.96.4-dev.0",
+    "@faststore/ui": "3.96.4-dev.0",
     "@graphql-codegen/cli": "5.0.2",
     "@graphql-codegen/client-preset": "4.2.6",
     "@graphql-codegen/typescript": "4.0.7",
@@ -123,5 +123,5 @@
     "ts-jest": "29.1.1",
     "typescript": "5.3.2"
   },
-  "gitHead": "416ed2235804e8f8b39b8351e50f86d5d5b7bd72"
+  "gitHead": "e9e8720245637fc18616bdfbac78de7435dba622"
 }

package/src/components/ThirdPartyScripts/ThirdPartyScripts.tsx

@@ -37,7 +37,10 @@ function ThirdPartyScripts() {
       {includeGTM && <GoogleTagManager containerId={gtmContainerId} />}
       {includeVTEX && <VTEX />}
       <OverrideComponents.ThirdPartyScripts />
-      <Partytown key="partytown" />
+      {/* Only render Partytown when not in an iframe to prevent cross-origin errors. */}
+      {typeof window !== 'undefined' && window.self === window.top && (
+        <Partytown key="partytown" />
+      )}
     </>
   )
 }

package/src/components/account/MyAccountDrawer/OrganizationDrawer/OrganizationDrawer.tsx

@@ -1,6 +1,12 @@
 import { SlideOver, useFadeEffect } from '@faststore/ui'
 
 import { useSession } from 'src/sdk/session'
+import {
+  expireCookieClient,
+  getCookieDomains,
+  getCookiePaths,
+  getVtexCookieNames,
+} from 'src/utils/clearCookies'
 import storeConfig from '../../../../../discovery.config'
 import { ProfileSummary } from '../ProfileSummary/ProfileSummary'
 import { OrganizationDrawerBody } from './OrganizationDrawerBody'
@@ -13,11 +19,105 @@ type OrganizationDrawerProps = {
   isRepresentative: boolean
 }
 
-export const doLogout = () => {
+const clearBrowserStorageForCurrentDomain = async () => {
+  if (typeof window === 'undefined' || !storeConfig) return
+
+  // Clear Faststore-specific sessionStorage keys
+  try {
+    const sessionStorageKeys = [
+      'faststore_session_ready',
+      'faststore_auth_cookie_value',
+      'faststore_cache_bust_last_value',
+    ]
+
+    for (const key of sessionStorageKeys) {
+      try {
+        window.sessionStorage?.removeItem(key)
+      } catch {}
+    }
+
+    // Remove all keys starting with __fs_gallery_page_ (used for PLP pagination)
+    try {
+      const keysToRemove: string[] = []
+      for (let i = 0; i < window.sessionStorage.length; i++) {
+        const key = window.sessionStorage.key(i)
+        if (key && key.startsWith('__fs_gallery_page_')) {
+          keysToRemove.push(key)
+        }
+      }
+      for (const key of keysToRemove) {
+        try {
+          window.sessionStorage.removeItem(key)
+        } catch {}
+      }
+    } catch {}
+  } catch {}
+
+  // Clear all cookies containing 'vtex' in the name (case-insensitive)
+  try {
+    const hostname = window.location.hostname
+    const secure = window.location.protocol === 'https:'
+
+    // Extract all cookie names from document.cookie
+    const allCookieNames = document.cookie
+      .split(';')
+      .map((c) => c.trim())
+      .filter(Boolean)
+      .map((c) => c.split('=')[0])
+      .filter(Boolean)
+
+    const vtexCookieNames = getVtexCookieNames(allCookieNames)
+    const paths = getCookiePaths(window.location.pathname || '/')
+    const domains = getCookieDomains(hostname)
+
+    for (const name of vtexCookieNames) {
+      for (const path of paths) {
+        for (const domain of domains) {
+          try {
+            expireCookieClient({ name, path, domain, secure })
+          } catch {}
+        }
+      }
+    }
+  } catch {}
+
+  // Clear IndexedDB (keyval-store)
+  try {
+    if (!('indexedDB' in window)) return
+
+    const idb = window.indexedDB
+    if (!idb) return
+
+    await new Promise<void>((resolve) => {
+      const req = idb.deleteDatabase('keyval-store')
+      req.onsuccess = () => resolve()
+      req.onerror = () => resolve()
+      req.onblocked = () => resolve()
+    })
+  } catch {}
+}
+
+export const doLogout = async (_event?: unknown) => {
   if (!storeConfig) return
-  window.location.assign(
-    `${storeConfig.secureSubdomain}/api/vtexid/pub/logout?scope=${storeConfig.api.storeId}&returnUrl=${storeConfig.storeUrl}`
-  )
+
+  try {
+    // Clear client-side storage (sessionStorage, localStorage, IndexedDB, non-HttpOnly cookies)
+    await clearBrowserStorageForCurrentDomain()
+
+    // Clear HttpOnly cookies via API endpoint (server-side)
+    try {
+      await fetch('/api/fs/logout', {
+        method: 'POST',
+        credentials: 'include',
+      })
+    } catch {
+      // Continue even if API call fails
+    }
+  } finally {
+    window.location.assign(
+      `${storeConfig.secureSubdomain}/api/vtexid/pub/logout?scope=${storeConfig.api.storeId}&returnUrl=${storeConfig.storeUrl}`
+    )
+  }
 }
 
 export const OrganizationDrawer = ({

package/src/pages/api/fs/logout.ts

@@ -0,0 +1,76 @@
+import { parse } from 'cookie'
+import type { NextApiHandler, NextApiRequest, NextApiResponse } from 'next'
+
+import discoveryConfig from 'discovery.config'
+import {
+  expireCookieServer,
+  getCookieDomains,
+  getVtexCookieNames,
+} from 'src/utils/clearCookies'
+
+const ADDITIONAL_COOKIES = ['CheckoutOrderFormOwnership'] as const
+
+/**
+ * Clears all cookies containing 'vtex' in the name (case-insensitive) + ADDITIONAL_COOKIES
+ * This endpoint handles HttpOnly cookies that cannot be cleared via JavaScript
+ */
+const handler: NextApiHandler = async (
+  request: NextApiRequest,
+  response: NextApiResponse
+) => {
+  if (request.method !== 'POST') {
+    response.status(405).end()
+    return
+  }
+
+  try {
+    const hostname = request.headers.host?.split(':')[0] ?? ''
+    const cookies = parse(request.headers.cookie ?? '')
+    const domains = getCookieDomains(hostname)
+    const clearedCookies: string[] = []
+
+    const vtexCookieNames = getVtexCookieNames(Object.keys(cookies))
+
+    // Clear vid_rt cookie with specific path (only if refreshToken is enabled)
+    if (discoveryConfig.experimental?.refreshToken && cookies.vid_rt) {
+      for (const domain of domains) {
+        const clearedCookie = expireCookieServer({
+          name: 'vid_rt',
+          path: '/api/vtexid/refreshtoken/webstore',
+          domain,
+        })
+        clearedCookies.push(clearedCookie)
+      }
+    }
+
+    // Clear other cookies with path /
+    const otherCookieNames = [
+      ...vtexCookieNames,
+      ...ADDITIONAL_COOKIES.filter((name) => cookies[name]),
+    ]
+
+    for (const cookieName of otherCookieNames) {
+      for (const domain of domains) {
+        const clearedCookie = expireCookieServer({
+          name: cookieName,
+          path: '/',
+          domain,
+        })
+        clearedCookies.push(clearedCookie)
+      }
+    }
+
+    if (clearedCookies.length > 0) {
+      response.setHeader('set-cookie', clearedCookies)
+    }
+
+    response.status(200).json({ success: true })
+  } catch (error) {
+    console.error('Error clearing cookies:', error)
+    response
+      .status(500)
+      .json({ success: false, error: 'Failed to clear cookies' })
+  }
+}
+
+export default handler

package/src/utils/clearCookies.ts

@@ -0,0 +1,79 @@
+type ExpireCookieClientParams = {
+  name: string
+  path: string
+  domain?: string
+  secure?: boolean
+}
+
+type ExpireCookieServerParams = {
+  name: string
+  path: string
+  domain?: string
+}
+
+/**
+ * Client-side: Expires a cookie by setting it to expire in the past
+ */
+export const expireCookieClient = ({
+  name,
+  path,
+  domain,
+  secure = false,
+}: ExpireCookieClientParams): void => {
+  const domainAttr = domain ? `; domain=${domain}` : ''
+  const secureAttr = secure ? '; secure' : ''
+  document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; path=${path}${domainAttr}; samesite=lax${secureAttr}`
+}
+
+/**
+ * Server-side: Generates a Set-Cookie header string to expire a cookie
+ */
+export const expireCookieServer = ({
+  name,
+  path,
+  domain,
+}: ExpireCookieServerParams): string => {
+  const domainAttr = domain ? `; domain=${domain}` : ''
+  return `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; path=${path}${domainAttr}; samesite=lax; httponly`
+}
+
+/**
+ * Utility functions for clearing cookies
+ * Shared logic between client-side and server-side cookie clearing
+ */
+
+/**
+ * Generates domain variations for cookie clearing
+ * Tries multiple domain combinations to ensure cookies are cleared regardless of how they were set
+ */
+export const getCookieDomains = (
+  hostname: string
+): Array<string | undefined> => [
+  undefined, // host-only cookie
+  hostname,
+  hostname.startsWith('.') ? hostname : `.${hostname}`,
+]
+
+/**
+ * Filters cookie names that contain 'vtex' (case-insensitive)
+ */
+export const getVtexCookieNames = (cookieNames: string[]): string[] => {
+  return cookieNames.filter((name) => name.toLowerCase().includes('vtex'))
+}
+
+/**
+ * Generates paths to try when clearing cookies
+ * Includes root path and all parent paths from current pathname
+ */
+export const getCookiePaths = (pathname: string): string[] => {
+  const paths: string[] = ['/']
+  const pathParts = pathname.split('/').filter(Boolean)
+
+  let current = ''
+  for (const part of pathParts) {
+    current += `/${part}`
+    if (!paths.includes(current)) paths.push(current)
+  }
+
+  return paths
+}