@shopify/hydrogen-react 2025.7.0 → 2025.7.1

package/dist/node-prod/cart-hooks.mjs

@@ -1,9 +1,14 @@
 import { useCallback } from "react";
 import { useShop } from "./ShopifyProvider.mjs";
-import { SHOPIFY_STOREFRONT_ID_HEADER, SHOPIFY_STOREFRONT_Y_HEADER, SHOPIFY_Y, SHOPIFY_STOREFRONT_S_HEADER, SHOPIFY_S } from "./cart-constants.mjs";
-import { getShopifyCookies } from "./cookies-utils.mjs";
+import { SHOPIFY_STOREFRONT_ID_HEADER, SHOPIFY_STOREFRONT_Y_HEADER, SHOPIFY_STOREFRONT_S_HEADER } from "./cart-constants.mjs";
+import { getTrackingValues, SHOPIFY_UNIQUE_TOKEN_HEADER, SHOPIFY_VISIT_TOKEN_HEADER } from "./tracking-utils.mjs";
 function useCartFetch() {
-  const { storefrontId, getPublicTokenHeaders, getStorefrontApiUrl } = useShop();
+  const {
+    storefrontId,
+    getPublicTokenHeaders,
+    getStorefrontApiUrl,
+    sameDomainForStorefrontApi
+  } = useShop();
   return useCallback(
     ({
       query,
@@ -13,9 +18,17 @@ function useCartFetch() {
       if (storefrontId) {
         headers[SHOPIFY_STOREFRONT_ID_HEADER] = storefrontId;
       }
-      const cookieData = getShopifyCookies(document.cookie);
-      headers[SHOPIFY_STOREFRONT_Y_HEADER] = cookieData[SHOPIFY_Y];
-      headers[SHOPIFY_STOREFRONT_S_HEADER] = cookieData[SHOPIFY_S];
+      if (!sameDomainForStorefrontApi) {
+        const { uniqueToken, visitToken } = getTrackingValues();
+        if (uniqueToken) {
+          headers[SHOPIFY_STOREFRONT_Y_HEADER] = uniqueToken;
+          headers[SHOPIFY_UNIQUE_TOKEN_HEADER] = uniqueToken;
+        }
+        if (visitToken) {
+          headers[SHOPIFY_STOREFRONT_S_HEADER] = visitToken;
+          headers[SHOPIFY_VISIT_TOKEN_HEADER] = visitToken;
+        }
+      }
       return fetch(getStorefrontApiUrl(), {
         method: "POST",
         headers,
@@ -33,7 +46,12 @@ function useCartFetch() {
         };
       });
     },
-    [getPublicTokenHeaders, storefrontId, getStorefrontApiUrl]
+    [
+      getPublicTokenHeaders,
+      storefrontId,
+      getStorefrontApiUrl,
+      sameDomainForStorefrontApi
+    ]
   );
 }
 export {

package/dist/node-prod/cart-hooks.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"cart-hooks.mjs","sources":["../../src/cart-hooks.tsx"],"sourcesContent":["import {useState, useCallback} from 'react';\nimport {useShop} from './ShopifyProvider.js';\nimport {flattenConnection} from './flatten-connection.js';\nimport {CartInput, Cart as CartType} from './storefront-api-types.js';\nimport {CartCreate, defaultCartFragment} from './cart-queries.js';\nimport {Cart} from './cart-types.js';\nimport {\n  SHOPIFY_STOREFRONT_ID_HEADER,\n  SHOPIFY_STOREFRONT_Y_HEADER,\n  SHOPIFY_STOREFRONT_S_HEADER,\n  SHOPIFY_Y,\n  SHOPIFY_S,\n} from './cart-constants.js';\nimport type {StorefrontApiResponseOkPartial} from './storefront-api-response.types.js';\nimport {getShopifyCookies} from './cookies-utils.js';\n\n// eslint-disable-next-line @typescript-eslint/explicit-function-return-type\nexport function useCartFetch() {\n  const {storefrontId, getPublicTokenHeaders, getStorefrontApiUrl} = useShop();\n\n  return useCallback(\n    <ReturnDataGeneric,>({\n      query,\n      variables,\n    }: {\n      query: string;\n      variables: Record<string, unknown>;\n    }): Promise<StorefrontApiResponseOkPartial<ReturnDataGeneric>> => {\n      const headers = getPublicTokenHeaders({contentType: 'json'});\n\n      if (storefrontId) {\n        headers[SHOPIFY_STOREFRONT_ID_HEADER] = storefrontId;\n      }\n\n      // Find Shopify cookies\n      const cookieData = getShopifyCookies(document.cookie);\n      headers[SHOPIFY_STOREFRONT_Y_HEADER] = cookieData[SHOPIFY_Y];\n      headers[SHOPIFY_STOREFRONT_S_HEADER] = cookieData[SHOPIFY_S];\n\n      return fetch(getStorefrontApiUrl(), {\n        method: 'POST',\n        headers,\n        body: JSON.stringify({\n          query: query.toString(),\n          variables,\n        }),\n      })\n        .then(\n          (res) =>\n            res.json() as StorefrontApiResponseOkPartial<ReturnDataGeneric>,\n        )\n        .catch((error) => {\n          return {\n            data: undefined,\n            // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call\n            errors: error?.toString(),\n          };\n        });\n    },\n    [getPublicTokenHeaders, storefrontId, getStorefrontApiUrl],\n  );\n}\n\nexport function useInstantCheckout(): {\n  cart: Cart | undefined;\n  checkoutUrl: Cart['checkoutUrl'];\n  error: string | undefined;\n  createInstantCheckout: (cartInput: CartInput) => Promise<void>;\n} {\n  const [cart, updateCart] = useState<Cart | undefined>();\n  const [checkoutUrl, updateCheckoutUrl] = useState<Cart['checkoutUrl']>();\n  const [error, updateError] = useState<string | undefined>();\n\n  const fetch = useCartFetch();\n\n  const createInstantCheckout = useCallback(\n    async (cartInput: CartInput) => {\n      const {data, errors} = await fetch<{\n        cartCreate: {cart: CartType};\n      }>({\n        query: CartCreate(defaultCartFragment),\n        variables: {\n          input: cartInput,\n        },\n      });\n\n      if (errors) {\n        // eslint-disable-next-line @typescript-eslint/no-base-to-string\n        updateError(errors.toString());\n        updateCart(undefined);\n        updateCheckoutUrl(undefined);\n      }\n\n      if (data?.cartCreate?.cart) {\n        const dataCart = data.cartCreate.cart;\n        updateCart({\n          ...dataCart,\n          lines: flattenConnection(dataCart.lines),\n          note: dataCart.note ?? undefined,\n        });\n        updateCheckoutUrl(dataCart.checkoutUrl);\n      }\n    },\n    [fetch],\n  );\n\n  return {cart, checkoutUrl, error, createInstantCheckout};\n}\n"],"names":[],"mappings":";;;;AAiBO,SAAS,eAAe;AAC7B,QAAM,EAAC,cAAc,uBAAuB,oBAAA,IAAuB,QAAA;AAEnE,SAAO;AAAA,IACL,CAAqB;AAAA,MACnB;AAAA,MACA;AAAA,IAAA,MAIgE;AAChE,YAAM,UAAU,sBAAsB,EAAC,aAAa,QAAO;AAE3D,UAAI,cAAc;AAChB,gBAAQ,4BAA4B,IAAI;AAAA,MAC1C;AAGA,YAAM,aAAa,kBAAkB,SAAS,MAAM;AACpD,cAAQ,2BAA2B,IAAI,WAAW,SAAS;AAC3D,cAAQ,2BAA2B,IAAI,WAAW,SAAS;AAE3D,aAAO,MAAM,uBAAuB;AAAA,QAClC,QAAQ;AAAA,QACR;AAAA,QACA,MAAM,KAAK,UAAU;AAAA,UACnB,OAAO,MAAM,SAAA;AAAA,UACb;AAAA,QAAA,CACD;AAAA,MAAA,CACF,EACE;AAAA,QACC,CAAC,QACC,IAAI,KAAA;AAAA,MAAK,EAEZ,MAAM,CAAC,UAAU;AAChB,eAAO;AAAA,UACL,MAAM;AAAA;AAAA,UAEN,QAAQ,+BAAO;AAAA,QAAS;AAAA,MAE5B,CAAC;AAAA,IACL;AAAA,IACA,CAAC,uBAAuB,cAAc,mBAAmB;AAAA,EAAA;AAE7D;"}
+{"version":3,"file":"cart-hooks.mjs","sources":["../../src/cart-hooks.tsx"],"sourcesContent":["import {useState, useCallback} from 'react';\nimport {useShop} from './ShopifyProvider.js';\nimport {flattenConnection} from './flatten-connection.js';\nimport {CartInput, Cart as CartType} from './storefront-api-types.js';\nimport {CartCreate, defaultCartFragment} from './cart-queries.js';\nimport {Cart} from './cart-types.js';\nimport {\n  SHOPIFY_STOREFRONT_ID_HEADER,\n  SHOPIFY_STOREFRONT_Y_HEADER,\n  SHOPIFY_STOREFRONT_S_HEADER,\n} from './cart-constants.js';\nimport type {StorefrontApiResponseOkPartial} from './storefront-api-response.types.js';\nimport {\n  getTrackingValues,\n  SHOPIFY_UNIQUE_TOKEN_HEADER,\n  SHOPIFY_VISIT_TOKEN_HEADER,\n} from './tracking-utils.js';\n\n// eslint-disable-next-line @typescript-eslint/explicit-function-return-type\nexport function useCartFetch() {\n  const {\n    storefrontId,\n    getPublicTokenHeaders,\n    getStorefrontApiUrl,\n    sameDomainForStorefrontApi,\n  } = useShop();\n\n  return useCallback(\n    <ReturnDataGeneric,>({\n      query,\n      variables,\n    }: {\n      query: string;\n      variables: Record<string, unknown>;\n    }): Promise<StorefrontApiResponseOkPartial<ReturnDataGeneric>> => {\n      const headers = getPublicTokenHeaders({contentType: 'json'});\n\n      if (storefrontId) {\n        headers[SHOPIFY_STOREFRONT_ID_HEADER] = storefrontId;\n      }\n\n      if (!sameDomainForStorefrontApi) {\n        // If we are in cross-domain mode, add tracking headers manually.\n        // Otherwise, for same-domain we rely on the browser to attach cookies automatically.\n        const {uniqueToken, visitToken} = getTrackingValues();\n        if (uniqueToken) {\n          headers[SHOPIFY_STOREFRONT_Y_HEADER] = uniqueToken;\n          headers[SHOPIFY_UNIQUE_TOKEN_HEADER] = uniqueToken;\n        }\n        if (visitToken) {\n          headers[SHOPIFY_STOREFRONT_S_HEADER] = visitToken;\n          headers[SHOPIFY_VISIT_TOKEN_HEADER] = visitToken;\n        }\n      }\n\n      return fetch(getStorefrontApiUrl(), {\n        method: 'POST',\n        headers,\n        body: JSON.stringify({\n          query: query.toString(),\n          variables,\n        }),\n      })\n        .then(\n          (res) =>\n            res.json() as StorefrontApiResponseOkPartial<ReturnDataGeneric>,\n        )\n        .catch((error) => {\n          return {\n            data: undefined,\n            // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call\n            errors: error?.toString(),\n          };\n        });\n    },\n    [\n      getPublicTokenHeaders,\n      storefrontId,\n      getStorefrontApiUrl,\n      sameDomainForStorefrontApi,\n    ],\n  );\n}\n\nexport function useInstantCheckout(): {\n  cart: Cart | undefined;\n  checkoutUrl: Cart['checkoutUrl'];\n  error: string | undefined;\n  createInstantCheckout: (cartInput: CartInput) => Promise<void>;\n} {\n  const [cart, updateCart] = useState<Cart | undefined>();\n  const [checkoutUrl, updateCheckoutUrl] = useState<Cart['checkoutUrl']>();\n  const [error, updateError] = useState<string | undefined>();\n\n  const fetch = useCartFetch();\n\n  const createInstantCheckout = useCallback(\n    async (cartInput: CartInput) => {\n      const {data, errors} = await fetch<{\n        cartCreate: {cart: CartType};\n      }>({\n        query: CartCreate(defaultCartFragment),\n        variables: {\n          input: cartInput,\n        },\n      });\n\n      if (errors) {\n        // eslint-disable-next-line @typescript-eslint/no-base-to-string\n        updateError(errors.toString());\n        updateCart(undefined);\n        updateCheckoutUrl(undefined);\n      }\n\n      if (data?.cartCreate?.cart) {\n        const dataCart = data.cartCreate.cart;\n        updateCart({\n          ...dataCart,\n          lines: flattenConnection(dataCart.lines),\n          note: dataCart.note ?? undefined,\n        });\n        updateCheckoutUrl(dataCart.checkoutUrl);\n      }\n    },\n    [fetch],\n  );\n\n  return {cart, checkoutUrl, error, createInstantCheckout};\n}\n"],"names":[],"mappings":";;;;AAmBO,SAAS,eAAe;AAC7B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA,IACE,QAAA;AAEJ,SAAO;AAAA,IACL,CAAqB;AAAA,MACnB;AAAA,MACA;AAAA,IAAA,MAIgE;AAChE,YAAM,UAAU,sBAAsB,EAAC,aAAa,QAAO;AAE3D,UAAI,cAAc;AAChB,gBAAQ,4BAA4B,IAAI;AAAA,MAC1C;AAEA,UAAI,CAAC,4BAA4B;AAG/B,cAAM,EAAC,aAAa,WAAA,IAAc,kBAAA;AAClC,YAAI,aAAa;AACf,kBAAQ,2BAA2B,IAAI;AACvC,kBAAQ,2BAA2B,IAAI;AAAA,QACzC;AACA,YAAI,YAAY;AACd,kBAAQ,2BAA2B,IAAI;AACvC,kBAAQ,0BAA0B,IAAI;AAAA,QACxC;AAAA,MACF;AAEA,aAAO,MAAM,uBAAuB;AAAA,QAClC,QAAQ;AAAA,QACR;AAAA,QACA,MAAM,KAAK,UAAU;AAAA,UACnB,OAAO,MAAM,SAAA;AAAA,UACb;AAAA,QAAA,CACD;AAAA,MAAA,CACF,EACE;AAAA,QACC,CAAC,QACC,IAAI,KAAA;AAAA,MAAK,EAEZ,MAAM,CAAC,UAAU;AAChB,eAAO;AAAA,UACL,MAAM;AAAA;AAAA,UAEN,QAAQ,+BAAO;AAAA,QAAS;AAAA,MAE5B,CAAC;AAAA,IACL;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EACF;AAEJ;"}

package/dist/node-prod/cookies-utils.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const cookie = require("worktop/cookie");
 const cartConstants = require("./cart-constants.js");
+const trackingUtils = require("./tracking-utils.js");
 const tokenHash = "xxxx-4xxx-xxxx-xxxxxxxxxxxx";
 function buildUUID() {
   let hash = "";
@@ -38,10 +38,10 @@ function hexTime() {
   return output.padStart(8, "0");
 }
 function getShopifyCookies(cookies) {
-  const cookieData = cookie.parse(cookies);
+  const trackingValues = trackingUtils.getTrackingValues(cookies);
   return {
-    [cartConstants.SHOPIFY_Y]: cookieData[cartConstants.SHOPIFY_Y] || "",
-    [cartConstants.SHOPIFY_S]: cookieData[cartConstants.SHOPIFY_S] || ""
+    [cartConstants.SHOPIFY_Y]: trackingValues.uniqueToken,
+    [cartConstants.SHOPIFY_S]: trackingValues.visitToken
   };
 }
 exports.buildUUID = buildUUID;

package/dist/node-prod/cookies-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"cookies-utils.js","sources":["../../src/cookies-utils.tsx"],"sourcesContent":["// @ts-ignore - worktop/cookie types not properly exported\nimport {parse} from 'worktop/cookie';\nimport {ShopifyCookies} from './analytics-types.js';\nimport {SHOPIFY_Y, SHOPIFY_S} from './cart-constants.js';\n\nconst tokenHash = 'xxxx-4xxx-xxxx-xxxxxxxxxxxx';\n\nexport function buildUUID(): string {\n  let hash = '';\n\n  try {\n    const crypto: Crypto = window.crypto;\n    const randomValuesArray = new Uint16Array(31);\n    crypto.getRandomValues(randomValuesArray);\n\n    // Generate a strong UUID\n    let i = 0;\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = randomValuesArray[i] % 16;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        i++;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  } catch (err) {\n    // crypto not available, generate weak UUID\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = (Math.random() * 16) | 0;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  }\n\n  return `${hexTime()}-${hash}`;\n}\n\nexport function hexTime(): string {\n  // 32 bit representations of new Date().getTime() and performance.now()\n  let dateNumber = 0;\n  let perfNumber = 0;\n\n  // Result of zero-fill right shift is always positive\n  dateNumber = new Date().getTime() >>> 0;\n\n  try {\n    perfNumber = performance.now() >>> 0;\n  } catch (err) {\n    perfNumber = 0;\n  }\n\n  const output = Math.abs(dateNumber + perfNumber)\n    .toString(16)\n    .toLowerCase();\n\n  // Ensure the output is exactly 8 characters\n  return output.padStart(8, '0');\n}\n\nexport function getShopifyCookies(cookies: string): ShopifyCookies {\n  const cookieData = parse(cookies);\n  return {\n    [SHOPIFY_Y]: cookieData[SHOPIFY_Y] || '',\n    [SHOPIFY_S]: cookieData[SHOPIFY_S] || '',\n  };\n}\n"],"names":["parse","SHOPIFY_Y","SHOPIFY_S"],"mappings":";;;;AAKA,MAAM,YAAY;AAEX,SAAS,YAAoB;AAClC,MAAI,OAAO;AAEX,MAAI;AACF,UAAM,SAAiB,OAAO;AAC9B,UAAM,oBAAoB,IAAI,YAAY,EAAE;AAC5C,WAAO,gBAAgB,iBAAiB;AAGxC,QAAI,IAAI;AACR,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAI,kBAAkB,CAAC,IAAI;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC;AACA,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL,SAAS,KAAK;AAEZ,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAK,KAAK,OAAA,IAAW,KAAM;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL;AAEA,SAAO,GAAG,QAAA,CAAS,IAAI,IAAI;AAC7B;AAEO,SAAS,UAAkB;AAEhC,MAAI,aAAa;AACjB,MAAI,aAAa;AAGjB,gBAAa,oBAAI,QAAO,QAAA,MAAc;AAEtC,MAAI;AACF,iBAAa,YAAY,UAAU;AAAA,EACrC,SAAS,KAAK;AACZ,iBAAa;AAAA,EACf;AAEA,QAAM,SAAS,KAAK,IAAI,aAAa,UAAU,EAC5C,SAAS,EAAE,EACX,YAAA;AAGH,SAAO,OAAO,SAAS,GAAG,GAAG;AAC/B;AAEO,SAAS,kBAAkB,SAAiC;AACjE,QAAM,aAAaA,OAAAA,MAAM,OAAO;AAChC,SAAO;AAAA,IACL,CAACC,uBAAS,GAAG,WAAWA,cAAAA,SAAS,KAAK;AAAA,IACtC,CAACC,cAAAA,SAAS,GAAG,WAAWA,cAAAA,SAAS,KAAK;AAAA,EAAA;AAE1C;;;;"}
+{"version":3,"file":"cookies-utils.js","sources":["../../src/cookies-utils.tsx"],"sourcesContent":["import {ShopifyCookies} from './analytics-types.js';\nimport {SHOPIFY_Y, SHOPIFY_S} from './cart-constants.js';\nimport {getTrackingValues} from './tracking-utils.js';\n\nconst tokenHash = 'xxxx-4xxx-xxxx-xxxxxxxxxxxx';\n\nexport function buildUUID(): string {\n  let hash = '';\n\n  try {\n    const crypto: Crypto = window.crypto;\n    const randomValuesArray = new Uint16Array(31);\n    crypto.getRandomValues(randomValuesArray);\n\n    // Generate a strong UUID\n    let i = 0;\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = randomValuesArray[i] % 16;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        i++;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  } catch (err) {\n    // crypto not available, generate weak UUID\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = (Math.random() * 16) | 0;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  }\n\n  return `${hexTime()}-${hash}`;\n}\n\nexport function hexTime(): string {\n  // 32 bit representations of new Date().getTime() and performance.now()\n  let dateNumber = 0;\n  let perfNumber = 0;\n\n  // Result of zero-fill right shift is always positive\n  dateNumber = new Date().getTime() >>> 0;\n\n  try {\n    perfNumber = performance.now() >>> 0;\n  } catch (err) {\n    perfNumber = 0;\n  }\n\n  const output = Math.abs(dateNumber + perfNumber)\n    .toString(16)\n    .toLowerCase();\n\n  // Ensure the output is exactly 8 characters\n  return output.padStart(8, '0');\n}\n\n/**\n * Gets the values of _shopify_y and _shopify_s cookies from the provided cookie string.\n * @deprecated Use getTrackingValues instead.\n */\nexport function getShopifyCookies(cookies: string): ShopifyCookies {\n  // @ts-expect-error - Undeclared argument type\n  const trackingValues = getTrackingValues(cookies);\n\n  return {\n    [SHOPIFY_Y]: trackingValues.uniqueToken,\n    [SHOPIFY_S]: trackingValues.visitToken,\n  };\n}\n"],"names":["getTrackingValues","SHOPIFY_Y","SHOPIFY_S"],"mappings":";;;;AAIA,MAAM,YAAY;AAEX,SAAS,YAAoB;AAClC,MAAI,OAAO;AAEX,MAAI;AACF,UAAM,SAAiB,OAAO;AAC9B,UAAM,oBAAoB,IAAI,YAAY,EAAE;AAC5C,WAAO,gBAAgB,iBAAiB;AAGxC,QAAI,IAAI;AACR,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAI,kBAAkB,CAAC,IAAI;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC;AACA,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL,SAAS,KAAK;AAEZ,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAK,KAAK,OAAA,IAAW,KAAM;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL;AAEA,SAAO,GAAG,QAAA,CAAS,IAAI,IAAI;AAC7B;AAEO,SAAS,UAAkB;AAEhC,MAAI,aAAa;AACjB,MAAI,aAAa;AAGjB,gBAAa,oBAAI,QAAO,QAAA,MAAc;AAEtC,MAAI;AACF,iBAAa,YAAY,UAAU;AAAA,EACrC,SAAS,KAAK;AACZ,iBAAa;AAAA,EACf;AAEA,QAAM,SAAS,KAAK,IAAI,aAAa,UAAU,EAC5C,SAAS,EAAE,EACX,YAAA;AAGH,SAAO,OAAO,SAAS,GAAG,GAAG;AAC/B;AAMO,SAAS,kBAAkB,SAAiC;AAEjE,QAAM,iBAAiBA,cAAAA,kBAAkB,OAAO;AAEhD,SAAO;AAAA,IACL,CAACC,cAAAA,SAAS,GAAG,eAAe;AAAA,IAC5B,CAACC,cAAAA,SAAS,GAAG,eAAe;AAAA,EAAA;AAEhC;;;;"}

package/dist/node-prod/cookies-utils.mjs

@@ -1,5 +1,5 @@
-import { parse } from "worktop/cookie";
 import { SHOPIFY_S, SHOPIFY_Y } from "./cart-constants.mjs";
+import { getTrackingValues } from "./tracking-utils.mjs";
 const tokenHash = "xxxx-4xxx-xxxx-xxxxxxxxxxxx";
 function buildUUID() {
   let hash = "";
@@ -36,10 +36,10 @@ function hexTime() {
   return output.padStart(8, "0");
 }
 function getShopifyCookies(cookies) {
-  const cookieData = parse(cookies);
+  const trackingValues = getTrackingValues(cookies);
   return {
-    [SHOPIFY_Y]: cookieData[SHOPIFY_Y] || "",
-    [SHOPIFY_S]: cookieData[SHOPIFY_S] || ""
+    [SHOPIFY_Y]: trackingValues.uniqueToken,
+    [SHOPIFY_S]: trackingValues.visitToken
   };
 }
 export {

package/dist/node-prod/cookies-utils.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"cookies-utils.mjs","sources":["../../src/cookies-utils.tsx"],"sourcesContent":["// @ts-ignore - worktop/cookie types not properly exported\nimport {parse} from 'worktop/cookie';\nimport {ShopifyCookies} from './analytics-types.js';\nimport {SHOPIFY_Y, SHOPIFY_S} from './cart-constants.js';\n\nconst tokenHash = 'xxxx-4xxx-xxxx-xxxxxxxxxxxx';\n\nexport function buildUUID(): string {\n  let hash = '';\n\n  try {\n    const crypto: Crypto = window.crypto;\n    const randomValuesArray = new Uint16Array(31);\n    crypto.getRandomValues(randomValuesArray);\n\n    // Generate a strong UUID\n    let i = 0;\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = randomValuesArray[i] % 16;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        i++;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  } catch (err) {\n    // crypto not available, generate weak UUID\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = (Math.random() * 16) | 0;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  }\n\n  return `${hexTime()}-${hash}`;\n}\n\nexport function hexTime(): string {\n  // 32 bit representations of new Date().getTime() and performance.now()\n  let dateNumber = 0;\n  let perfNumber = 0;\n\n  // Result of zero-fill right shift is always positive\n  dateNumber = new Date().getTime() >>> 0;\n\n  try {\n    perfNumber = performance.now() >>> 0;\n  } catch (err) {\n    perfNumber = 0;\n  }\n\n  const output = Math.abs(dateNumber + perfNumber)\n    .toString(16)\n    .toLowerCase();\n\n  // Ensure the output is exactly 8 characters\n  return output.padStart(8, '0');\n}\n\nexport function getShopifyCookies(cookies: string): ShopifyCookies {\n  const cookieData = parse(cookies);\n  return {\n    [SHOPIFY_Y]: cookieData[SHOPIFY_Y] || '',\n    [SHOPIFY_S]: cookieData[SHOPIFY_S] || '',\n  };\n}\n"],"names":[],"mappings":";;AAKA,MAAM,YAAY;AAEX,SAAS,YAAoB;AAClC,MAAI,OAAO;AAEX,MAAI;AACF,UAAM,SAAiB,OAAO;AAC9B,UAAM,oBAAoB,IAAI,YAAY,EAAE;AAC5C,WAAO,gBAAgB,iBAAiB;AAGxC,QAAI,IAAI;AACR,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAI,kBAAkB,CAAC,IAAI;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC;AACA,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL,SAAS,KAAK;AAEZ,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAK,KAAK,OAAA,IAAW,KAAM;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL;AAEA,SAAO,GAAG,QAAA,CAAS,IAAI,IAAI;AAC7B;AAEO,SAAS,UAAkB;AAEhC,MAAI,aAAa;AACjB,MAAI,aAAa;AAGjB,gBAAa,oBAAI,QAAO,QAAA,MAAc;AAEtC,MAAI;AACF,iBAAa,YAAY,UAAU;AAAA,EACrC,SAAS,KAAK;AACZ,iBAAa;AAAA,EACf;AAEA,QAAM,SAAS,KAAK,IAAI,aAAa,UAAU,EAC5C,SAAS,EAAE,EACX,YAAA;AAGH,SAAO,OAAO,SAAS,GAAG,GAAG;AAC/B;AAEO,SAAS,kBAAkB,SAAiC;AACjE,QAAM,aAAa,MAAM,OAAO;AAChC,SAAO;AAAA,IACL,CAAC,SAAS,GAAG,WAAW,SAAS,KAAK;AAAA,IACtC,CAAC,SAAS,GAAG,WAAW,SAAS,KAAK;AAAA,EAAA;AAE1C;"}
+{"version":3,"file":"cookies-utils.mjs","sources":["../../src/cookies-utils.tsx"],"sourcesContent":["import {ShopifyCookies} from './analytics-types.js';\nimport {SHOPIFY_Y, SHOPIFY_S} from './cart-constants.js';\nimport {getTrackingValues} from './tracking-utils.js';\n\nconst tokenHash = 'xxxx-4xxx-xxxx-xxxxxxxxxxxx';\n\nexport function buildUUID(): string {\n  let hash = '';\n\n  try {\n    const crypto: Crypto = window.crypto;\n    const randomValuesArray = new Uint16Array(31);\n    crypto.getRandomValues(randomValuesArray);\n\n    // Generate a strong UUID\n    let i = 0;\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = randomValuesArray[i] % 16;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        i++;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  } catch (err) {\n    // crypto not available, generate weak UUID\n    hash = tokenHash\n      .replace(/[x]/g, (c: string): string => {\n        const r = (Math.random() * 16) | 0;\n        const v = c === 'x' ? r : (r & 0x3) | 0x8;\n        return v.toString(16);\n      })\n      .toUpperCase();\n  }\n\n  return `${hexTime()}-${hash}`;\n}\n\nexport function hexTime(): string {\n  // 32 bit representations of new Date().getTime() and performance.now()\n  let dateNumber = 0;\n  let perfNumber = 0;\n\n  // Result of zero-fill right shift is always positive\n  dateNumber = new Date().getTime() >>> 0;\n\n  try {\n    perfNumber = performance.now() >>> 0;\n  } catch (err) {\n    perfNumber = 0;\n  }\n\n  const output = Math.abs(dateNumber + perfNumber)\n    .toString(16)\n    .toLowerCase();\n\n  // Ensure the output is exactly 8 characters\n  return output.padStart(8, '0');\n}\n\n/**\n * Gets the values of _shopify_y and _shopify_s cookies from the provided cookie string.\n * @deprecated Use getTrackingValues instead.\n */\nexport function getShopifyCookies(cookies: string): ShopifyCookies {\n  // @ts-expect-error - Undeclared argument type\n  const trackingValues = getTrackingValues(cookies);\n\n  return {\n    [SHOPIFY_Y]: trackingValues.uniqueToken,\n    [SHOPIFY_S]: trackingValues.visitToken,\n  };\n}\n"],"names":[],"mappings":";;AAIA,MAAM,YAAY;AAEX,SAAS,YAAoB;AAClC,MAAI,OAAO;AAEX,MAAI;AACF,UAAM,SAAiB,OAAO;AAC9B,UAAM,oBAAoB,IAAI,YAAY,EAAE;AAC5C,WAAO,gBAAgB,iBAAiB;AAGxC,QAAI,IAAI;AACR,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAI,kBAAkB,CAAC,IAAI;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC;AACA,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL,SAAS,KAAK;AAEZ,WAAO,UACJ,QAAQ,QAAQ,CAAC,MAAsB;AACtC,YAAM,IAAK,KAAK,OAAA,IAAW,KAAM;AACjC,YAAM,IAAI,MAAM,MAAM,IAAK,IAAI,IAAO;AACtC,aAAO,EAAE,SAAS,EAAE;AAAA,IACtB,CAAC,EACA,YAAA;AAAA,EACL;AAEA,SAAO,GAAG,QAAA,CAAS,IAAI,IAAI;AAC7B;AAEO,SAAS,UAAkB;AAEhC,MAAI,aAAa;AACjB,MAAI,aAAa;AAGjB,gBAAa,oBAAI,QAAO,QAAA,MAAc;AAEtC,MAAI;AACF,iBAAa,YAAY,UAAU;AAAA,EACrC,SAAS,KAAK;AACZ,iBAAa;AAAA,EACf;AAEA,QAAM,SAAS,KAAK,IAAI,aAAa,UAAU,EAC5C,SAAS,EAAE,EACX,YAAA;AAGH,SAAO,OAAO,SAAS,GAAG,GAAG;AAC/B;AAMO,SAAS,kBAAkB,SAAiC;AAEjE,QAAM,iBAAiB,kBAAkB,OAAO;AAEhD,SAAO;AAAA,IACL,CAAC,SAAS,GAAG,eAAe;AAAA,IAC5B,CAAC,SAAS,GAAG,eAAe;AAAA,EAAA;AAEhC;"}

package/dist/node-prod/index.js

@@ -30,6 +30,7 @@ const RichText = require("./RichText.js");
 const ShopifyProvider = require("./ShopifyProvider.js");
 const ShopPayButton = require("./ShopPayButton.js");
 const storefrontClient = require("./storefront-client.js");
+const trackingUtils = require("./tracking-utils.js");
 const useMoney = require("./useMoney.js");
 const useSelectedOptionInUrlParam = require("./useSelectedOptionInUrlParam.js");
 const useShopifyCookies = require("./useShopifyCookies.js");
@@ -80,6 +81,9 @@ exports.ShopifyProvider = ShopifyProvider.ShopifyProvider;
 exports.useShop = ShopifyProvider.useShop;
 exports.ShopPayButton = ShopPayButton.ShopPayButton;
 exports.createStorefrontClient = storefrontClient.createStorefrontClient;
+exports.SHOPIFY_UNIQUE_TOKEN_HEADER = trackingUtils.SHOPIFY_UNIQUE_TOKEN_HEADER;
+exports.SHOPIFY_VISIT_TOKEN_HEADER = trackingUtils.SHOPIFY_VISIT_TOKEN_HEADER;
+exports.getTrackingValues = trackingUtils.getTrackingValues;
 exports.useMoney = useMoney.useMoney;
 exports.useSelectedOptionInUrlParam = useSelectedOptionInUrlParam.useSelectedOptionInUrlParam;
 exports.useShopifyCookies = useShopifyCookies.useShopifyCookies;

package/dist/node-prod/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
+{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/node-prod/index.mjs

@@ -28,6 +28,7 @@ import { RichText } from "./RichText.mjs";
 import { ShopifyProvider, useShop } from "./ShopifyProvider.mjs";
 import { ShopPayButton } from "./ShopPayButton.mjs";
 import { createStorefrontClient } from "./storefront-client.mjs";
+import { SHOPIFY_UNIQUE_TOKEN_HEADER, SHOPIFY_VISIT_TOKEN_HEADER, getTrackingValues } from "./tracking-utils.mjs";
 import { useMoney } from "./useMoney.mjs";
 import { useSelectedOptionInUrlParam } from "./useSelectedOptionInUrlParam.mjs";
 import { useShopifyCookies } from "./useShopifyCookies.mjs";
@@ -56,6 +57,8 @@ export {
   SHOPIFY_STOREFRONT_ID_HEADER,
   SHOPIFY_STOREFRONT_S_HEADER,
   SHOPIFY_STOREFRONT_Y_HEADER,
+  SHOPIFY_UNIQUE_TOKEN_HEADER,
+  SHOPIFY_VISIT_TOKEN_HEADER,
   SHOPIFY_Y,
   ShopPayButton,
   ShopifyProvider,
@@ -69,6 +72,7 @@ export {
   getClientBrowserParameters,
   getProductOptions,
   getShopifyCookies,
+  getTrackingValues,
   isOptionValueCombinationInEncodedVariant,
   mapSelectedProductOptionToObject,
   parseGid,

package/dist/node-prod/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/node-prod/packages/hydrogen-react/package.json.js

@@ -1,5 +1,5 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const version = "2025.7.0";
+const version = "2025.7.1";
 exports.version = version;
 //# sourceMappingURL=package.json.js.map

package/dist/node-prod/packages/hydrogen-react/package.json.mjs

@@ -1,4 +1,4 @@
-const version = "2025.7.0";
+const version = "2025.7.1";
 export {
   version
 };

package/dist/node-prod/tracking-utils.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const SHOPIFY_VISIT_TOKEN_HEADER = "X-Shopify-VisitToken";
+const SHOPIFY_UNIQUE_TOKEN_HEADER = "X-Shopify-UniqueToken";
+const cachedTrackingValues = { current: null };
+function getTrackingValues() {
+  var _a, _b, _c;
+  let trackingValues;
+  if (typeof window !== "undefined" && typeof window.performance !== "undefined") {
+    try {
+      const resourceRE = /^https?:\/\/([^/]+)(\/api\/(?:unstable|2\d{3}-\d{2})\/graphql\.json(?=$|\?))?/;
+      const entries = performance.getEntriesByType(
+        "resource"
+      );
+      let matchedValues;
+      for (let i = entries.length - 1; i >= 0; i--) {
+        const entry = entries[i];
+        if (entry.initiatorType !== "fetch") continue;
+        const currentHost = window.location.host;
+        const match = entry.name.match(resourceRE);
+        if (!match) continue;
+        const [, matchedHost, sfapiPath] = match;
+        const isMatch = (
+          // Same origin (exact host match)
+          matchedHost === currentHost || // Subdomain with SFAPI path
+          sfapiPath && (matchedHost == null ? void 0 : matchedHost.endsWith(`.${currentHost}`))
+        );
+        if (isMatch) {
+          const values = extractFromPerformanceEntry(entry);
+          if (values) {
+            matchedValues = values;
+            break;
+          }
+        }
+      }
+      if (matchedValues) {
+        trackingValues = matchedValues;
+      }
+      if (trackingValues) {
+        cachedTrackingValues.current = trackingValues;
+      } else if (cachedTrackingValues.current) {
+        trackingValues = cachedTrackingValues.current;
+      }
+      if (!trackingValues) {
+        const navigationEntries = performance.getEntriesByType(
+          "navigation"
+        )[0];
+        trackingValues = extractFromPerformanceEntry(navigationEntries, false);
+      }
+    } catch {
+    }
+  }
+  if (!trackingValues) {
+    const cookie = (
+      // Read from arguments to avoid declaring parameters in this function signature.
+      // This logic is only used internally from `getShopifyCookies` and will be deprecated.
+      typeof arguments[0] === "string" ? arguments[0] : typeof document !== "undefined" ? document.cookie : ""
+    );
+    trackingValues = {
+      uniqueToken: ((_a = cookie.match(/\b_shopify_y=([^;]+)/)) == null ? void 0 : _a[1]) || "",
+      visitToken: ((_b = cookie.match(/\b_shopify_s=([^;]+)/)) == null ? void 0 : _b[1]) || "",
+      consent: ((_c = cookie.match(/\b_tracking_consent=([^;]+)/)) == null ? void 0 : _c[1]) || ""
+    };
+  }
+  return trackingValues;
+}
+function extractFromPerformanceEntry(entry, isConsentRequired = true) {
+  let uniqueToken = "";
+  let visitToken = "";
+  let consent = "";
+  const serverTiming = entry.serverTiming;
+  if (serverTiming && serverTiming.length >= 3) {
+    for (let i = serverTiming.length - 1; i >= 0; i--) {
+      const { name, description } = serverTiming[i];
+      if (!name || !description) continue;
+      if (name === "_y") {
+        uniqueToken = description;
+      } else if (name === "_s") {
+        visitToken = description;
+      } else if (name === "_cmp") {
+        consent = description;
+      }
+      if (uniqueToken && visitToken && consent) break;
+    }
+  }
+  return uniqueToken && visitToken && (isConsentRequired ? consent : true) ? { uniqueToken, visitToken, consent } : void 0;
+}
+exports.SHOPIFY_UNIQUE_TOKEN_HEADER = SHOPIFY_UNIQUE_TOKEN_HEADER;
+exports.SHOPIFY_VISIT_TOKEN_HEADER = SHOPIFY_VISIT_TOKEN_HEADER;
+exports.cachedTrackingValues = cachedTrackingValues;
+exports.getTrackingValues = getTrackingValues;
+//# sourceMappingURL=tracking-utils.js.map

package/dist/node-prod/tracking-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracking-utils.js","sources":["../../src/tracking-utils.ts"],"sourcesContent":["/** Storefront API header for VisitToken */\nexport const SHOPIFY_VISIT_TOKEN_HEADER = 'X-Shopify-VisitToken';\n/** Storefront API header for UniqueToken */\nexport const SHOPIFY_UNIQUE_TOKEN_HEADER = 'X-Shopify-UniqueToken';\n\ntype TrackingValues = {\n  /** Identifier for the unique user. Equivalent to the deprecated _shopify_y cookie */\n  uniqueToken: string;\n  /** Identifier for the current visit. Equivalent to the deprecated _shopify_s cookie */\n  visitToken: string;\n  /** Represents the consent given by the user or the default region consent configured in Admin */\n  consent: string;\n};\n\n// Cache values to avoid losing them when performance\n// entries are cleared from the buffer over time.\nexport const cachedTrackingValues: {\n  current: null | TrackingValues;\n} = {current: null};\n\n/**\n * Retrieves user session tracking values for analytics\n * and marketing from the browser environment.\n */\nexport function getTrackingValues(): TrackingValues {\n  // Overall behavior: Tracking values are returned in Server-Timing headers from\n  // Storefront API responses, and we want to find and return these tracking values.\n  //\n  // Search recent fetches for SFAPI requests matching either: same origin (proxy case)\n  // or a subdomain of the current host (eg: checkout subdomain, if there is no proxy).\n  // We consider SF API-like endpoints (/api/.../graphql.json) on subdomains, as well as\n  // any same-origin request. The reason for the latter is that Hydrogen server collects\n  // tracking values and returns them in any non-cached response, not just direct SF API\n  // responses. For example, a cart mutation in a server action could return tracking values.\n  //\n  // If we didn't find tracking values in fetch requests, we fall back to checking cached values,\n  // then the initial page navigation entry, and finally the deprecated `_shopify_s` and `_shopify_y`.\n\n  let trackingValues: TrackingValues | undefined;\n\n  if (\n    typeof window !== 'undefined' &&\n    typeof window.performance !== 'undefined'\n  ) {\n    try {\n      // RE to extract host and optionally match SFAPI pathname.\n      // Group 1: host (e.g. \"checkout.mystore.com\")\n      // Group 2: SFAPI path if present (e.g. \"/api/2024-01/graphql.json\")\n      const resourceRE =\n        /^https?:\\/\\/([^/]+)(\\/api\\/(?:unstable|2\\d{3}-\\d{2})\\/graphql\\.json(?=$|\\?))?/;\n\n      // Search backwards through resource entries to find the most recent match.\n      // Match criteria (first one with _y and _s values wins):\n      // - Same origin (exact host match) with tracking values, OR\n      // - Subdomain + SFAPI pathname with tracking values\n      const entries = performance.getEntriesByType(\n        'resource',\n      ) as PerformanceResourceTiming[];\n\n      let matchedValues: ReturnType<typeof extractFromPerformanceEntry>;\n\n      for (let i = entries.length - 1; i >= 0; i--) {\n        const entry = entries[i];\n\n        if (entry.initiatorType !== 'fetch') continue;\n\n        const currentHost = window.location.host;\n        const match = entry.name.match(resourceRE);\n        if (!match) continue;\n\n        const [, matchedHost, sfapiPath] = match;\n\n        const isMatch =\n          // Same origin (exact host match)\n          matchedHost === currentHost ||\n          // Subdomain with SFAPI path\n          (sfapiPath && matchedHost?.endsWith(`.${currentHost}`));\n\n        if (isMatch) {\n          const values = extractFromPerformanceEntry(entry);\n          if (values) {\n            matchedValues = values;\n            break;\n          }\n        }\n      }\n\n      if (matchedValues) {\n        trackingValues = matchedValues;\n      }\n\n      // Resource entries have a limited buffer and are removed over time.\n      // Cache the latest values for future calls if we find them.\n      // A cached resource entry is always newer than a navigation entry.\n      if (trackingValues) {\n        cachedTrackingValues.current = trackingValues;\n      } else if (cachedTrackingValues.current) {\n        // Fallback to cached values from previous calls:\n        trackingValues = cachedTrackingValues.current;\n      }\n\n      if (!trackingValues) {\n        // Fallback to navigation entry from full page rendering load:\n        const navigationEntries = performance.getEntriesByType(\n          'navigation',\n        )[0] as PerformanceNavigationTiming;\n\n        // Navigation entries might omit consent when the Hydrogen server generates it.\n        // In this case, we skip consent requirement and only extract _y and _s values.\n        trackingValues = extractFromPerformanceEntry(navigationEntries, false);\n      }\n    } catch {}\n  }\n\n  // Fallback to deprecated cookies to support transitioning:\n  if (!trackingValues) {\n    const cookie =\n      // Read from arguments to avoid declaring parameters in this function signature.\n      // This logic is only used internally from `getShopifyCookies` and will be deprecated.\n      typeof arguments[0] === 'string'\n        ? arguments[0]\n        : typeof document !== 'undefined'\n          ? document.cookie\n          : '';\n\n    trackingValues = {\n      uniqueToken: cookie.match(/\\b_shopify_y=([^;]+)/)?.[1] || '',\n      visitToken: cookie.match(/\\b_shopify_s=([^;]+)/)?.[1] || '',\n      consent: cookie.match(/\\b_tracking_consent=([^;]+)/)?.[1] || '',\n    };\n  }\n\n  return trackingValues;\n}\n\nfunction extractFromPerformanceEntry(\n  entry: PerformanceNavigationTiming | PerformanceResourceTiming,\n  isConsentRequired = true,\n): TrackingValues | undefined {\n  let uniqueToken = '';\n  let visitToken = '';\n  let consent = '';\n\n  const serverTiming = entry.serverTiming;\n  // Quick check: we need at least 3 entries (_y, _s, _cmp)\n  if (serverTiming && serverTiming.length >= 3) {\n    // Iterate backwards since our headers are typically at the end\n    for (let i = serverTiming.length - 1; i >= 0; i--) {\n      const {name, description} = serverTiming[i];\n      if (!name || !description) continue;\n\n      if (name === '_y') {\n        uniqueToken = description;\n      } else if (name === '_s') {\n        visitToken = description;\n      } else if (name === '_cmp') {\n        // _cmp (consent management platform) holds the consent value\n        // used by consent-tracking-api and privacy-banner scripts.\n        consent = description;\n      }\n\n      if (uniqueToken && visitToken && consent) break;\n    }\n  }\n\n  return uniqueToken && visitToken && (isConsentRequired ? consent : true)\n    ? {uniqueToken, visitToken, consent}\n    : undefined;\n}\n"],"names":[],"mappings":";;AACO,MAAM,6BAA6B;AAEnC,MAAM,8BAA8B;AAapC,MAAM,uBAET,EAAC,SAAS,KAAA;AAMP,SAAS,oBAAoC;;AAclD,MAAI;AAEJ,MACE,OAAO,WAAW,eAClB,OAAO,OAAO,gBAAgB,aAC9B;AACA,QAAI;AAIF,YAAM,aACJ;AAMF,YAAM,UAAU,YAAY;AAAA,QAC1B;AAAA,MAAA;AAGF,UAAI;AAEJ,eAAS,IAAI,QAAQ,SAAS,GAAG,KAAK,GAAG,KAAK;AAC5C,cAAM,QAAQ,QAAQ,CAAC;AAEvB,YAAI,MAAM,kBAAkB,QAAS;AAErC,cAAM,cAAc,OAAO,SAAS;AACpC,cAAM,QAAQ,MAAM,KAAK,MAAM,UAAU;AACzC,YAAI,CAAC,MAAO;AAEZ,cAAM,CAAA,EAAG,aAAa,SAAS,IAAI;AAEnC,cAAM;AAAA;AAAA,UAEJ,gBAAgB;AAAA,UAEf,cAAa,2CAAa,SAAS,IAAI,WAAW;AAAA;AAErD,YAAI,SAAS;AACX,gBAAM,SAAS,4BAA4B,KAAK;AAChD,cAAI,QAAQ;AACV,4BAAgB;AAChB;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEA,UAAI,eAAe;AACjB,yBAAiB;AAAA,MACnB;AAKA,UAAI,gBAAgB;AAClB,6BAAqB,UAAU;AAAA,MACjC,WAAW,qBAAqB,SAAS;AAEvC,yBAAiB,qBAAqB;AAAA,MACxC;AAEA,UAAI,CAAC,gBAAgB;AAEnB,cAAM,oBAAoB,YAAY;AAAA,UACpC;AAAA,QAAA,EACA,CAAC;AAIH,yBAAiB,4BAA4B,mBAAmB,KAAK;AAAA,MACvE;AAAA,IACF,QAAQ;AAAA,IAAC;AAAA,EACX;AAGA,MAAI,CAAC,gBAAgB;AACnB,UAAM;AAAA;AAAA;AAAA,MAGJ,OAAO,UAAU,CAAC,MAAM,WACpB,UAAU,CAAC,IACX,OAAO,aAAa,cAClB,SAAS,SACT;AAAA;AAER,qBAAiB;AAAA,MACf,eAAa,YAAO,MAAM,sBAAsB,MAAnC,mBAAuC,OAAM;AAAA,MAC1D,cAAY,YAAO,MAAM,sBAAsB,MAAnC,mBAAuC,OAAM;AAAA,MACzD,WAAS,YAAO,MAAM,6BAA6B,MAA1C,mBAA8C,OAAM;AAAA,IAAA;AAAA,EAEjE;AAEA,SAAO;AACT;AAEA,SAAS,4BACP,OACA,oBAAoB,MACQ;AAC5B,MAAI,cAAc;AAClB,MAAI,aAAa;AACjB,MAAI,UAAU;AAEd,QAAM,eAAe,MAAM;AAE3B,MAAI,gBAAgB,aAAa,UAAU,GAAG;AAE5C,aAAS,IAAI,aAAa,SAAS,GAAG,KAAK,GAAG,KAAK;AACjD,YAAM,EAAC,MAAM,gBAAe,aAAa,CAAC;AAC1C,UAAI,CAAC,QAAQ,CAAC,YAAa;AAE3B,UAAI,SAAS,MAAM;AACjB,sBAAc;AAAA,MAChB,WAAW,SAAS,MAAM;AACxB,qBAAa;AAAA,MACf,WAAW,SAAS,QAAQ;AAG1B,kBAAU;AAAA,MACZ;AAEA,UAAI,eAAe,cAAc,QAAS;AAAA,IAC5C;AAAA,EACF;AAEA,SAAO,eAAe,eAAe,oBAAoB,UAAU,QAC/D,EAAC,aAAa,YAAY,QAAA,IAC1B;AACN;;;;;"}

package/dist/node-prod/tracking-utils.mjs

@@ -0,0 +1,92 @@
+const SHOPIFY_VISIT_TOKEN_HEADER = "X-Shopify-VisitToken";
+const SHOPIFY_UNIQUE_TOKEN_HEADER = "X-Shopify-UniqueToken";
+const cachedTrackingValues = { current: null };
+function getTrackingValues() {
+  var _a, _b, _c;
+  let trackingValues;
+  if (typeof window !== "undefined" && typeof window.performance !== "undefined") {
+    try {
+      const resourceRE = /^https?:\/\/([^/]+)(\/api\/(?:unstable|2\d{3}-\d{2})\/graphql\.json(?=$|\?))?/;
+      const entries = performance.getEntriesByType(
+        "resource"
+      );
+      let matchedValues;
+      for (let i = entries.length - 1; i >= 0; i--) {
+        const entry = entries[i];
+        if (entry.initiatorType !== "fetch") continue;
+        const currentHost = window.location.host;
+        const match = entry.name.match(resourceRE);
+        if (!match) continue;
+        const [, matchedHost, sfapiPath] = match;
+        const isMatch = (
+          // Same origin (exact host match)
+          matchedHost === currentHost || // Subdomain with SFAPI path
+          sfapiPath && (matchedHost == null ? void 0 : matchedHost.endsWith(`.${currentHost}`))
+        );
+        if (isMatch) {
+          const values = extractFromPerformanceEntry(entry);
+          if (values) {
+            matchedValues = values;
+            break;
+          }
+        }
+      }
+      if (matchedValues) {
+        trackingValues = matchedValues;
+      }
+      if (trackingValues) {
+        cachedTrackingValues.current = trackingValues;
+      } else if (cachedTrackingValues.current) {
+        trackingValues = cachedTrackingValues.current;
+      }
+      if (!trackingValues) {
+        const navigationEntries = performance.getEntriesByType(
+          "navigation"
+        )[0];
+        trackingValues = extractFromPerformanceEntry(navigationEntries, false);
+      }
+    } catch {
+    }
+  }
+  if (!trackingValues) {
+    const cookie = (
+      // Read from arguments to avoid declaring parameters in this function signature.
+      // This logic is only used internally from `getShopifyCookies` and will be deprecated.
+      typeof arguments[0] === "string" ? arguments[0] : typeof document !== "undefined" ? document.cookie : ""
+    );
+    trackingValues = {
+      uniqueToken: ((_a = cookie.match(/\b_shopify_y=([^;]+)/)) == null ? void 0 : _a[1]) || "",
+      visitToken: ((_b = cookie.match(/\b_shopify_s=([^;]+)/)) == null ? void 0 : _b[1]) || "",
+      consent: ((_c = cookie.match(/\b_tracking_consent=([^;]+)/)) == null ? void 0 : _c[1]) || ""
+    };
+  }
+  return trackingValues;
+}
+function extractFromPerformanceEntry(entry, isConsentRequired = true) {
+  let uniqueToken = "";
+  let visitToken = "";
+  let consent = "";
+  const serverTiming = entry.serverTiming;
+  if (serverTiming && serverTiming.length >= 3) {
+    for (let i = serverTiming.length - 1; i >= 0; i--) {
+      const { name, description } = serverTiming[i];
+      if (!name || !description) continue;
+      if (name === "_y") {
+        uniqueToken = description;
+      } else if (name === "_s") {
+        visitToken = description;
+      } else if (name === "_cmp") {
+        consent = description;
+      }
+      if (uniqueToken && visitToken && consent) break;
+    }
+  }
+  return uniqueToken && visitToken && (isConsentRequired ? consent : true) ? { uniqueToken, visitToken, consent } : void 0;
+}
+export {
+  SHOPIFY_UNIQUE_TOKEN_HEADER,
+  SHOPIFY_VISIT_TOKEN_HEADER,
+  cachedTrackingValues,
+  getTrackingValues
+};
+//# sourceMappingURL=tracking-utils.mjs.map

package/dist/node-prod/tracking-utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracking-utils.mjs","sources":["../../src/tracking-utils.ts"],"sourcesContent":["/** Storefront API header for VisitToken */\nexport const SHOPIFY_VISIT_TOKEN_HEADER = 'X-Shopify-VisitToken';\n/** Storefront API header for UniqueToken */\nexport const SHOPIFY_UNIQUE_TOKEN_HEADER = 'X-Shopify-UniqueToken';\n\ntype TrackingValues = {\n  /** Identifier for the unique user. Equivalent to the deprecated _shopify_y cookie */\n  uniqueToken: string;\n  /** Identifier for the current visit. Equivalent to the deprecated _shopify_s cookie */\n  visitToken: string;\n  /** Represents the consent given by the user or the default region consent configured in Admin */\n  consent: string;\n};\n\n// Cache values to avoid losing them when performance\n// entries are cleared from the buffer over time.\nexport const cachedTrackingValues: {\n  current: null | TrackingValues;\n} = {current: null};\n\n/**\n * Retrieves user session tracking values for analytics\n * and marketing from the browser environment.\n */\nexport function getTrackingValues(): TrackingValues {\n  // Overall behavior: Tracking values are returned in Server-Timing headers from\n  // Storefront API responses, and we want to find and return these tracking values.\n  //\n  // Search recent fetches for SFAPI requests matching either: same origin (proxy case)\n  // or a subdomain of the current host (eg: checkout subdomain, if there is no proxy).\n  // We consider SF API-like endpoints (/api/.../graphql.json) on subdomains, as well as\n  // any same-origin request. The reason for the latter is that Hydrogen server collects\n  // tracking values and returns them in any non-cached response, not just direct SF API\n  // responses. For example, a cart mutation in a server action could return tracking values.\n  //\n  // If we didn't find tracking values in fetch requests, we fall back to checking cached values,\n  // then the initial page navigation entry, and finally the deprecated `_shopify_s` and `_shopify_y`.\n\n  let trackingValues: TrackingValues | undefined;\n\n  if (\n    typeof window !== 'undefined' &&\n    typeof window.performance !== 'undefined'\n  ) {\n    try {\n      // RE to extract host and optionally match SFAPI pathname.\n      // Group 1: host (e.g. \"checkout.mystore.com\")\n      // Group 2: SFAPI path if present (e.g. \"/api/2024-01/graphql.json\")\n      const resourceRE =\n        /^https?:\\/\\/([^/]+)(\\/api\\/(?:unstable|2\\d{3}-\\d{2})\\/graphql\\.json(?=$|\\?))?/;\n\n      // Search backwards through resource entries to find the most recent match.\n      // Match criteria (first one with _y and _s values wins):\n      // - Same origin (exact host match) with tracking values, OR\n      // - Subdomain + SFAPI pathname with tracking values\n      const entries = performance.getEntriesByType(\n        'resource',\n      ) as PerformanceResourceTiming[];\n\n      let matchedValues: ReturnType<typeof extractFromPerformanceEntry>;\n\n      for (let i = entries.length - 1; i >= 0; i--) {\n        const entry = entries[i];\n\n        if (entry.initiatorType !== 'fetch') continue;\n\n        const currentHost = window.location.host;\n        const match = entry.name.match(resourceRE);\n        if (!match) continue;\n\n        const [, matchedHost, sfapiPath] = match;\n\n        const isMatch =\n          // Same origin (exact host match)\n          matchedHost === currentHost ||\n          // Subdomain with SFAPI path\n          (sfapiPath && matchedHost?.endsWith(`.${currentHost}`));\n\n        if (isMatch) {\n          const values = extractFromPerformanceEntry(entry);\n          if (values) {\n            matchedValues = values;\n            break;\n          }\n        }\n      }\n\n      if (matchedValues) {\n        trackingValues = matchedValues;\n      }\n\n      // Resource entries have a limited buffer and are removed over time.\n      // Cache the latest values for future calls if we find them.\n      // A cached resource entry is always newer than a navigation entry.\n      if (trackingValues) {\n        cachedTrackingValues.current = trackingValues;\n      } else if (cachedTrackingValues.current) {\n        // Fallback to cached values from previous calls:\n        trackingValues = cachedTrackingValues.current;\n      }\n\n      if (!trackingValues) {\n        // Fallback to navigation entry from full page rendering load:\n        const navigationEntries = performance.getEntriesByType(\n          'navigation',\n        )[0] as PerformanceNavigationTiming;\n\n        // Navigation entries might omit consent when the Hydrogen server generates it.\n        // In this case, we skip consent requirement and only extract _y and _s values.\n        trackingValues = extractFromPerformanceEntry(navigationEntries, false);\n      }\n    } catch {}\n  }\n\n  // Fallback to deprecated cookies to support transitioning:\n  if (!trackingValues) {\n    const cookie =\n      // Read from arguments to avoid declaring parameters in this function signature.\n      // This logic is only used internally from `getShopifyCookies` and will be deprecated.\n      typeof arguments[0] === 'string'\n        ? arguments[0]\n        : typeof document !== 'undefined'\n          ? document.cookie\n          : '';\n\n    trackingValues = {\n      uniqueToken: cookie.match(/\\b_shopify_y=([^;]+)/)?.[1] || '',\n      visitToken: cookie.match(/\\b_shopify_s=([^;]+)/)?.[1] || '',\n      consent: cookie.match(/\\b_tracking_consent=([^;]+)/)?.[1] || '',\n    };\n  }\n\n  return trackingValues;\n}\n\nfunction extractFromPerformanceEntry(\n  entry: PerformanceNavigationTiming | PerformanceResourceTiming,\n  isConsentRequired = true,\n): TrackingValues | undefined {\n  let uniqueToken = '';\n  let visitToken = '';\n  let consent = '';\n\n  const serverTiming = entry.serverTiming;\n  // Quick check: we need at least 3 entries (_y, _s, _cmp)\n  if (serverTiming && serverTiming.length >= 3) {\n    // Iterate backwards since our headers are typically at the end\n    for (let i = serverTiming.length - 1; i >= 0; i--) {\n      const {name, description} = serverTiming[i];\n      if (!name || !description) continue;\n\n      if (name === '_y') {\n        uniqueToken = description;\n      } else if (name === '_s') {\n        visitToken = description;\n      } else if (name === '_cmp') {\n        // _cmp (consent management platform) holds the consent value\n        // used by consent-tracking-api and privacy-banner scripts.\n        consent = description;\n      }\n\n      if (uniqueToken && visitToken && consent) break;\n    }\n  }\n\n  return uniqueToken && visitToken && (isConsentRequired ? consent : true)\n    ? {uniqueToken, visitToken, consent}\n    : undefined;\n}\n"],"names":[],"mappings":"AACO,MAAM,6BAA6B;AAEnC,MAAM,8BAA8B;AAapC,MAAM,uBAET,EAAC,SAAS,KAAA;AAMP,SAAS,oBAAoC;AAvB7C;AAqCL,MAAI;AAEJ,MACE,OAAO,WAAW,eAClB,OAAO,OAAO,gBAAgB,aAC9B;AACA,QAAI;AAIF,YAAM,aACJ;AAMF,YAAM,UAAU,YAAY;AAAA,QAC1B;AAAA,MAAA;AAGF,UAAI;AAEJ,eAAS,IAAI,QAAQ,SAAS,GAAG,KAAK,GAAG,KAAK;AAC5C,cAAM,QAAQ,QAAQ,CAAC;AAEvB,YAAI,MAAM,kBAAkB,QAAS;AAErC,cAAM,cAAc,OAAO,SAAS;AACpC,cAAM,QAAQ,MAAM,KAAK,MAAM,UAAU;AACzC,YAAI,CAAC,MAAO;AAEZ,cAAM,CAAA,EAAG,aAAa,SAAS,IAAI;AAEnC,cAAM;AAAA;AAAA,UAEJ,gBAAgB;AAAA,UAEf,cAAa,2CAAa,SAAS,IAAI,WAAW;AAAA;AAErD,YAAI,SAAS;AACX,gBAAM,SAAS,4BAA4B,KAAK;AAChD,cAAI,QAAQ;AACV,4BAAgB;AAChB;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEA,UAAI,eAAe;AACjB,yBAAiB;AAAA,MACnB;AAKA,UAAI,gBAAgB;AAClB,6BAAqB,UAAU;AAAA,MACjC,WAAW,qBAAqB,SAAS;AAEvC,yBAAiB,qBAAqB;AAAA,MACxC;AAEA,UAAI,CAAC,gBAAgB;AAEnB,cAAM,oBAAoB,YAAY;AAAA,UACpC;AAAA,QAAA,EACA,CAAC;AAIH,yBAAiB,4BAA4B,mBAAmB,KAAK;AAAA,MACvE;AAAA,IACF,QAAQ;AAAA,IAAC;AAAA,EACX;AAGA,MAAI,CAAC,gBAAgB;AACnB,UAAM;AAAA;AAAA;AAAA,MAGJ,OAAO,UAAU,CAAC,MAAM,WACpB,UAAU,CAAC,IACX,OAAO,aAAa,cAClB,SAAS,SACT;AAAA;AAER,qBAAiB;AAAA,MACf,eAAa,YAAO,MAAM,sBAAsB,MAAnC,mBAAuC,OAAM;AAAA,MAC1D,cAAY,YAAO,MAAM,sBAAsB,MAAnC,mBAAuC,OAAM;AAAA,MACzD,WAAS,YAAO,MAAM,6BAA6B,MAA1C,mBAA8C,OAAM;AAAA,IAAA;AAAA,EAEjE;AAEA,SAAO;AACT;AAEA,SAAS,4BACP,OACA,oBAAoB,MACQ;AAC5B,MAAI,cAAc;AAClB,MAAI,aAAa;AACjB,MAAI,UAAU;AAEd,QAAM,eAAe,MAAM;AAE3B,MAAI,gBAAgB,aAAa,UAAU,GAAG;AAE5C,aAAS,IAAI,aAAa,SAAS,GAAG,KAAK,GAAG,KAAK;AACjD,YAAM,EAAC,MAAM,gBAAe,aAAa,CAAC;AAC1C,UAAI,CAAC,QAAQ,CAAC,YAAa;AAE3B,UAAI,SAAS,MAAM;AACjB,sBAAc;AAAA,MAChB,WAAW,SAAS,MAAM;AACxB,qBAAa;AAAA,MACf,WAAW,SAAS,QAAQ;AAG1B,kBAAU;AAAA,MACZ;AAEA,UAAI,eAAe,cAAc,QAAS;AAAA,IAC5C;AAAA,EACF;AAEA,SAAO,eAAe,eAAe,oBAAoB,UAAU,QAC/D,EAAC,aAAa,YAAY,QAAA,IAC1B;AACN;"}

package/dist/node-prod/useShopifyCookies.js

@@ -4,17 +4,26 @@ const React = require("react");
 const cookie = require("worktop/cookie");
 const cartConstants = require("./cart-constants.js");
 const cookiesUtils = require("./cookies-utils.js");
+const trackingUtils = require("./tracking-utils.js");
 const longTermLength = 60 * 60 * 24 * 360 * 1;
 const shortTermLength = 60 * 30;
 function useShopifyCookies(options) {
   const {
-    hasUserConsent = false,
+    hasUserConsent,
     domain = "",
-    checkoutDomain = ""
+    checkoutDomain = "",
+    storefrontAccessToken,
+    fetchTrackingValues,
+    ignoreDeprecatedCookies = false
   } = options || {};
+  const coreCookiesReady = useCoreShopifyCookies({
+    storefrontAccessToken,
+    fetchTrackingValues,
+    checkoutDomain
+  });
   React.useEffect(() => {
-    const cookies = cookiesUtils.getShopifyCookies(document.cookie);
-    let currentDomain = domain || window.document.location.host;
+    if (ignoreDeprecatedCookies || !coreCookiesReady) return;
+    let currentDomain = domain || window.location.host;
     if (checkoutDomain) {
       const checkoutDomainParts = checkoutDomain.split(".").reverse();
       const currentDomainParts = currentDomain.split(".").reverse();
@@ -29,15 +38,19 @@ function useShopifyCookies(options) {
     if (/^localhost/.test(currentDomain)) currentDomain = "";
     const domainWithLeadingDot = currentDomain ? /^\./.test(currentDomain) ? currentDomain : `.${currentDomain}` : "";
     if (hasUserConsent) {
+      const trackingValues = trackingUtils.getTrackingValues();
+      if ((trackingValues.uniqueToken || trackingValues.visitToken || "").startsWith("00000000-")) {
+        return;
+      }
       setCookie(
         cartConstants.SHOPIFY_Y,
-        cookies[cartConstants.SHOPIFY_Y] || cookiesUtils.buildUUID(),
+        trackingValues.uniqueToken || cookiesUtils.buildUUID(),
         longTermLength,
         domainWithLeadingDot
       );
       setCookie(
         cartConstants.SHOPIFY_S,
-        cookies[cartConstants.SHOPIFY_S] || cookiesUtils.buildUUID(),
+        trackingValues.visitToken || cookiesUtils.buildUUID(),
         shortTermLength,
         domainWithLeadingDot
       );
@@ -45,7 +58,14 @@ function useShopifyCookies(options) {
       setCookie(cartConstants.SHOPIFY_Y, "", 0, domainWithLeadingDot);
       setCookie(cartConstants.SHOPIFY_S, "", 0, domainWithLeadingDot);
     }
-  }, [options, hasUserConsent, domain, checkoutDomain]);
+  }, [
+    coreCookiesReady,
+    hasUserConsent,
+    domain,
+    checkoutDomain,
+    ignoreDeprecatedCookies
+  ]);
+  return coreCookiesReady;
 }
 function setCookie(name, value, maxage, domain) {
   document.cookie = cookie.stringify(name, value, {
@@ -55,5 +75,72 @@ function setCookie(name, value, maxage, domain) {
     path: "/"
   });
 }
+async function fetchTrackingValuesFromBrowser(storefrontAccessToken, storefrontApiDomain = "") {
+  const { uniqueToken, visitToken } = trackingUtils.getTrackingValues();
+  const response = await fetch(
+    // TODO: update this endpoint when it becomes stable
+    `${storefrontApiDomain.replace(/\/+$/, "")}/api/unstable/graphql.json`,
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...storefrontAccessToken && {
+          "X-Shopify-Storefront-Access-Token": storefrontAccessToken
+        },
+        ...visitToken || uniqueToken ? {
+          [trackingUtils.SHOPIFY_VISIT_TOKEN_HEADER]: visitToken,
+          [trackingUtils.SHOPIFY_UNIQUE_TOKEN_HEADER]: uniqueToken
+        } : void 0
+      },
+      body: JSON.stringify({
+        query: (
+          // This query ensures we get _cmp (consent) server-timing header, which is not available in other queries.
+          // This value can be passed later to consent-tracking-api and privacy-banner scripts to avoid extra requests.
+          "query ensureCookies { consentManagement { cookies(visitorConsent:{}) { cookieDomain } } }"
+        )
+      })
+    }
+  );
+  if (!response.ok) {
+    throw new Error(
+      `Failed to fetch consent from browser: ${response.status} ${response.statusText}`
+    );
+  }
+  await response.json();
+  trackingUtils.getTrackingValues();
+}
+function useCoreShopifyCookies({
+  checkoutDomain,
+  storefrontAccessToken,
+  fetchTrackingValues = false
+}) {
+  const [cookiesReady, setCookiesReady] = React.useState(!fetchTrackingValues);
+  const hasFetchedTrackingValues = React.useRef(false);
+  React.useEffect(() => {
+    if (!fetchTrackingValues) {
+      setCookiesReady(true);
+      return;
+    }
+    if (hasFetchedTrackingValues.current) return;
+    hasFetchedTrackingValues.current = true;
+    fetchTrackingValuesFromBrowser(storefrontAccessToken).catch(
+      (error) => checkoutDomain ? (
+        // Retry with checkout domain if available to at least
+        // get the server-timing values for tracking.
+        fetchTrackingValuesFromBrowser(
+          storefrontAccessToken,
+          checkoutDomain
+        )
+      ) : Promise.reject(error)
+    ).catch((error) => {
+      console.warn(
+        "[h2:warn:useShopifyCookies] Failed to fetch tracking values from browser: " + (error instanceof Error ? error.message : String(error))
+      );
+    }).finally(() => {
+      setCookiesReady(true);
+    });
+  }, [checkoutDomain, fetchTrackingValues, storefrontAccessToken]);
+  return cookiesReady;
+}
 exports.useShopifyCookies = useShopifyCookies;
 //# sourceMappingURL=useShopifyCookies.js.map