@shopify/hydrogen 2024.7.9 → 2024.7.10

package/dist/development/index.cjs

@@ -6,6 +6,7 @@ var react$1 = require('@remix-run/react');
 var jsxRuntime = require('react/jsx-runtime');
 var cookie = require('worktop/cookie');
 var cspBuilder = require('content-security-policy-builder');
+var serverRuntime = require('@remix-run/server-runtime');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -426,13 +427,16 @@ async function runWithCache(cacheKey, actionFn, {
 }
 
 // src/cache/server-fetch.ts
+var excludedHeaders = ["set-cookie", "server-timing"];
 function toSerializableResponse(body, response) {
   return [
     body,
     {
       status: response.status,
       statusText: response.statusText,
-      headers: Array.from(response.headers.entries())
+      headers: [...response.headers].filter(
+        ([key]) => !excludedHeaders.includes(key.toLowerCase())
+      )
     }
   ];
 }
@@ -447,7 +451,8 @@ async function fetchWithServerCache(url, requestInit, {
   shouldCacheResponse = () => true,
   waitUntil,
   returnType = "json",
-  debugInfo
+  debugInfo,
+  onRawHeaders
 } = {}) {
   if (!cacheOptions && (!requestInit.method || requestInit.method === "GET")) {
     cacheOptions = CacheShort();
@@ -456,6 +461,7 @@ async function fetchWithServerCache(url, requestInit, {
     cacheKey,
     async () => {
       const response = await fetch(url, requestInit);
+      onRawHeaders?.(response.headers);
       let data;
       try {
         data = await response[returnType]();
@@ -484,6 +490,10 @@ var STOREFRONT_ACCESS_TOKEN_HEADER = "X-Shopify-Storefront-Access-Token";
 var SDK_VARIANT_HEADER = "X-SDK-Variant";
 var SDK_VARIANT_SOURCE_HEADER = "X-SDK-Variant-Source";
 var SDK_VERSION_HEADER = "X-SDK-Version";
+var SHOPIFY_CLIENT_IP_HEADER = "X-Shopify-Client-IP";
+var SHOPIFY_CLIENT_IP_SIG_HEADER = "X-Shopify-Client-IP-Sig";
+var HYDROGEN_SFAPI_PROXY_KEY = "_sfapi_proxy";
+var HYDROGEN_SERVER_TRACKING_KEY = "_server_tracking";
 
 // src/utils/uuid.ts
 function generateUUID() {
@@ -511,7 +521,7 @@ var errorOnce = (string) => {
 };
 
 // src/version.ts
-var LIB_VERSION = "2024.7.9";
+var LIB_VERSION = "2024.7.10";
 
 // src/utils/graphql.ts
 function minifyQuery(string) {
@@ -687,6 +697,78 @@ var getCallerStackLine = (stackOffset = 0) => {
   return stackInfo;
 } ;
 
+// src/utils/request.ts
+function getHeader(request, key) {
+  return getHeaderValue(request.headers, key);
+}
+function getHeaderValue(headers, key) {
+  const value = headers?.get?.(key) ?? headers?.[key];
+  return typeof value === "string" ? value : null;
+}
+function getDebugHeaders(request) {
+  return {
+    requestId: request ? getHeader(request, "request-id") : void 0,
+    purpose: request ? getHeader(request, "purpose") : void 0
+  };
+}
+var SFAPI_RE = /^\/api\/(unstable|2\d{3}-\d{2})\/graphql\.json$/;
+var getSafePathname = (url) => {
+  try {
+    return new URL(url, "http://e.c").pathname;
+  } catch {
+    return "/";
+  }
+};
+function extractHeaders(extract, keys) {
+  return keys.reduce((acc, key) => {
+    const forwardedValue = extract(key);
+    if (forwardedValue) acc.push([key, forwardedValue]);
+    return acc;
+  }, []);
+}
+
+// src/utils/server-timing.ts
+function buildServerTimingHeader(values) {
+  return Object.entries(values).map(([key, value]) => value ? `${key};desc=${value}` : void 0).filter(Boolean).join(", ");
+}
+function appendServerTimingHeader(response, values) {
+  const header = typeof values === "string" ? values : buildServerTimingHeader(values);
+  if (header) {
+    response.headers.append("Server-Timing", header);
+  }
+}
+var trackedTimings = ["_y", "_s", "_cmp"];
+function extractServerTimingHeader(serverTimingHeader) {
+  const values = {};
+  if (!serverTimingHeader) return values;
+  const re = new RegExp(
+    `\\b(${trackedTimings.join("|")});desc="?([^",]+)"?`,
+    "g"
+  );
+  let match;
+  while ((match = re.exec(serverTimingHeader)) !== null) {
+    values[match[1]] = match[2];
+  }
+  return values;
+}
+function hasServerTimingInNavigationEntry(key) {
+  if (typeof window === "undefined") return false;
+  try {
+    const navigationEntry = window.performance.getEntriesByType(
+      "navigation"
+    )[0];
+    return !!navigationEntry?.serverTiming?.some((entry) => entry.name === key);
+  } catch (e) {
+    return false;
+  }
+}
+function isSfapiProxyEnabled() {
+  return hasServerTimingInNavigationEntry(HYDROGEN_SFAPI_PROXY_KEY);
+}
+function hasServerReturnedTrackingValues() {
+  return hasServerTimingInNavigationEntry(HYDROGEN_SERVER_TRACKING_KEY);
+}
+
 // src/storefront.ts
 var defaultI18n = { language: "EN", country: "US" };
 function createStorefrontClient(options) {
@@ -716,16 +798,34 @@ function createStorefrontClient(options) {
     contentType: "json",
     buyerIp: storefrontHeaders?.buyerIp || ""
   });
+  if (storefrontHeaders?.buyerIp) {
+    defaultHeaders[SHOPIFY_CLIENT_IP_HEADER] = storefrontHeaders.buyerIp;
+  }
+  if (storefrontHeaders?.buyerIpSig) {
+    defaultHeaders[SHOPIFY_CLIENT_IP_SIG_HEADER] = storefrontHeaders.buyerIpSig;
+  }
   defaultHeaders[STOREFRONT_REQUEST_GROUP_ID_HEADER] = storefrontHeaders?.requestGroupId || generateUUID();
   if (storefrontId) defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_ID_HEADER] = storefrontId;
   defaultHeaders["user-agent"] = `Hydrogen ${LIB_VERSION}`;
-  if (storefrontHeaders && storefrontHeaders.cookie) {
-    const cookies = hydrogenReact.getShopifyCookies(storefrontHeaders.cookie ?? "");
-    if (cookies[hydrogenReact.SHOPIFY_Y])
-      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_Y_HEADER] = cookies[hydrogenReact.SHOPIFY_Y];
-    if (cookies[hydrogenReact.SHOPIFY_S])
-      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_S_HEADER] = cookies[hydrogenReact.SHOPIFY_S];
+  const requestCookie = storefrontHeaders?.cookie ?? "";
+  if (requestCookie) defaultHeaders["cookie"] = requestCookie;
+  let uniqueToken;
+  let visitToken;
+  if (!/\b_shopify_(analytics|marketing)=/.test(requestCookie)) {
+    const legacyUniqueToken = requestCookie.match(/\b_shopify_y=([^;]+)/)?.[1];
+    const legacyVisitToken = requestCookie.match(/\b_shopify_s=([^;]+)/)?.[1];
+    if (legacyUniqueToken) {
+      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_Y_HEADER] = legacyUniqueToken;
+    }
+    if (legacyVisitToken) {
+      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_S_HEADER] = legacyVisitToken;
+    }
+    uniqueToken = legacyUniqueToken ?? generateUUID();
+    visitToken = legacyVisitToken ?? generateUUID();
+    defaultHeaders[hydrogenReact.SHOPIFY_UNIQUE_TOKEN_HEADER] = uniqueToken;
+    defaultHeaders[hydrogenReact.SHOPIFY_VISIT_TOKEN_HEADER] = visitToken;
   }
+  let collectedSubrequestHeaders;
   const cacheKeyHeader = JSON.stringify({
     "content-type": defaultHeaders["content-type"],
     "user-agent": defaultHeaders["user-agent"],
@@ -784,6 +884,13 @@ function createStorefrontClient(options) {
         stackInfo,
         graphql: graphqlData,
         purpose: storefrontHeaders?.purpose
+      },
+      onRawHeaders: (headers2) => {
+        collectedSubrequestHeaders ??= {
+          // `getSetCookie` may not be available in all environments (e.g., classic Remix compiler)
+          setCookie: typeof headers2.getSetCookie === "function" ? headers2.getSetCookie() : [],
+          serverTiming: headers2.get("server-timing") ?? ""
+        };
       }
     });
     const errorOptions = {
@@ -878,9 +985,90 @@ function createStorefrontClient(options) {
       generateCacheControlHeader,
       getPublicTokenHeaders,
       getPrivateTokenHeaders,
+      getHeaders: () => ({ ...defaultHeaders }),
       getShopifyDomain,
       getApiUrl: getStorefrontApiUrl,
-      i18n: i18n ?? defaultI18n
+      i18n: i18n ?? defaultI18n,
+      /**
+       * Checks if the request is targeting the Storefront API endpoint.
+       */
+      isStorefrontApiUrl(request) {
+        return SFAPI_RE.test(getSafePathname(request.url ?? ""));
+      },
+      /**
+       * Forwards the request to the Storefront API.
+       */
+      async forward(request, options2) {
+        const forwardedHeaders = new Headers([
+          // Forward only a selected set of headers to the Storefront API
+          // to avoid getting 403 errors due to unexpected headers.
+          ...extractHeaders(
+            (key) => request.headers.get(key),
+            [
+              "accept",
+              "accept-encoding",
+              "accept-language",
+              // Access-Control headers are used for CORS preflight requests.
+              "access-control-request-headers",
+              "access-control-request-method",
+              "content-type",
+              "content-length",
+              "cookie",
+              "origin",
+              "referer",
+              "user-agent",
+              STOREFRONT_ACCESS_TOKEN_HEADER,
+              hydrogenReact.SHOPIFY_UNIQUE_TOKEN_HEADER,
+              hydrogenReact.SHOPIFY_VISIT_TOKEN_HEADER
+            ]
+          ),
+          // Add some headers to help with geolocalization and debugging
+          ...extractHeaders(
+            (key) => defaultHeaders[key],
+            [
+              SHOPIFY_CLIENT_IP_HEADER,
+              SHOPIFY_CLIENT_IP_SIG_HEADER,
+              hydrogenReact.SHOPIFY_STOREFRONT_ID_HEADER,
+              STOREFRONT_REQUEST_GROUP_ID_HEADER
+            ]
+          )
+        ]);
+        if (storefrontHeaders?.buyerIp) {
+          forwardedHeaders.set("x-forwarded-for", storefrontHeaders.buyerIp);
+        }
+        const storefrontApiVersion = options2?.storefrontApiVersion ?? getSafePathname(request.url).match(SFAPI_RE)?.[1];
+        const sfapiResponse = await fetch(
+          getStorefrontApiUrl({ storefrontApiVersion }),
+          {
+            method: request.method,
+            body: request.body,
+            headers: forwardedHeaders
+          }
+        );
+        return new Response(sfapiResponse.body, sfapiResponse);
+      },
+      setCollectedSubrequestHeaders: (response) => {
+        if (collectedSubrequestHeaders) {
+          for (const value of collectedSubrequestHeaders.setCookie) {
+            response.headers.append("Set-Cookie", value);
+          }
+        }
+        const serverTiming = extractServerTimingHeader(
+          collectedSubrequestHeaders?.serverTiming
+        );
+        const isDocumentResponse = response.headers.get("content-type")?.startsWith("text/html");
+        const fallbackValues = isDocumentResponse ? { _y: uniqueToken, _s: visitToken } : void 0;
+        appendServerTimingHeader(response, {
+          ...fallbackValues,
+          ...serverTiming
+        });
+        if (isDocumentResponse && collectedSubrequestHeaders && // _shopify_essential cookie is always set, but we need more than that
+        collectedSubrequestHeaders.setCookie.length > 1 && serverTiming?._y && serverTiming?._s && serverTiming?._cmp) {
+          appendServerTimingHeader(response, {
+            [HYDROGEN_SERVER_TRACKING_KEY]: "1"
+          });
+        }
+      }
     }
   };
 }
@@ -898,21 +1086,6 @@ function formatAPIResult(data, errors2) {
   };
 }
 
-// src/utils/request.ts
-function getHeader(request, key) {
-  return getHeaderValue(request.headers, key);
-}
-function getHeaderValue(headers, key) {
-  const value = headers?.get?.(key) ?? headers?.[key];
-  return typeof value === "string" ? value : null;
-}
-function getDebugHeaders(request) {
-  return {
-    requestId: request ? getHeader(request, "request-id") : void 0,
-    purpose: request ? getHeader(request, "purpose") : void 0
-  };
-}
-
 // src/cache/create-with-cache.ts
 function createWithCache(cacheOptions) {
   const { cache, waitUntil, request } = cacheOptions;
@@ -4222,7 +4395,7 @@ var AnalyticsEvent = {
   // Custom
   CUSTOM_EVENT: `custom_`
 };
-var CONSENT_API = "https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js";
+var CONSENT_API = "https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.2/consent-tracking-api.js";
 var CONSENT_API_WITH_BANNER = "https://cdn.shopify.com/shopifycloud/privacy-banner/storefront-banner.js";
 function logMissingConfig(fieldName) {
   console.error(
@@ -4234,19 +4407,34 @@ function useCustomerPrivacy(props) {
     withPrivacyBanner = true,
     onVisitorConsentCollected,
     onReady,
-    ...consentConfig
+    checkoutDomain,
+    storefrontAccessToken,
+    country,
+    locale,
+    sameDomainForStorefrontApi
   } = props;
+  const hasSfapiProxy = react.useMemo(
+    () => sameDomainForStorefrontApi ?? isSfapiProxyEnabled(),
+    [sameDomainForStorefrontApi]
+  );
+  const fetchTrackingValuesFromBrowser = react.useMemo(
+    () => hasSfapiProxy && !hasServerReturnedTrackingValues(),
+    [hasSfapiProxy]
+  );
+  const cookiesReady = hydrogenReact.useShopifyCookies({
+    fetchTrackingValues: fetchTrackingValuesFromBrowser,
+    storefrontAccessToken,
+    ignoreDeprecatedCookies: true
+  });
+  const initialTrackingValues = react.useMemo(hydrogenReact.getTrackingValues, [cookiesReady]);
+  const { revalidate } = react$1.useRevalidator();
   hydrogenReact.useLoadScript(withPrivacyBanner ? CONSENT_API_WITH_BANNER : CONSENT_API, {
     attributes: {
       id: "customer-privacy-api"
     }
   });
-  const { observing, setLoaded } = useApisLoaded({
-    withPrivacyBanner,
-    onLoaded: onReady
-  });
+  const { observing, setLoaded, apisLoaded } = useApisLoaded({ withPrivacyBanner });
   const config = react.useMemo(() => {
-    const { checkoutDomain, storefrontAccessToken } = consentConfig;
     if (!checkoutDomain) logMissingConfig("checkoutDomain");
     if (!storefrontAccessToken) logMissingConfig("storefrontAccessToken");
     if (storefrontAccessToken.startsWith("shpat_") || storefrontAccessToken.length !== 32) {
@@ -4254,18 +4442,50 @@ function useCustomerPrivacy(props) {
         `[h2:error:useCustomerPrivacy] It looks like you passed a private access token, make sure to use the public token`
       );
     }
+    const commonAncestorDomain = parseStoreDomain(checkoutDomain);
+    const sfapiDomain = (
+      // Check if standard route proxy is enabled in Hydrogen server
+      // to use it instead of doing a cross-origin request to checkout.
+      hasSfapiProxy && typeof window !== "undefined" ? window.location.host : checkoutDomain
+    );
     const config2 = {
-      checkoutRootDomain: checkoutDomain,
+      // This domain is used to send requests to SFAPI for setting and getting consent.
+      checkoutRootDomain: sfapiDomain,
+      // Prefix with a dot to ensure this domain is different from checkoutRootDomain.
+      // This will ensure old cookies are set for a cross-subdomain checkout setup
+      // so that we keep backward compatibility until new cookies are rolled out.
+      // Once consent-tracking-api is updated to not rely on cookies anymore, we can remove this.
+      storefrontRootDomain: commonAncestorDomain ? "." + commonAncestorDomain : void 0,
       storefrontAccessToken,
-      storefrontRootDomain: parseStoreDomain(checkoutDomain),
-      country: consentConfig.country,
-      locale: consentConfig.locale
+      country,
+      locale
     };
     return config2;
-  }, [consentConfig, parseStoreDomain, logMissingConfig]);
+  }, [
+    logMissingConfig,
+    checkoutDomain,
+    storefrontAccessToken,
+    country,
+    locale
+  ]);
   react.useEffect(() => {
     const consentCollectedHandler = (event) => {
+      const latestTrackingValues = hydrogenReact.getTrackingValues();
+      if (initialTrackingValues.visitToken !== latestTrackingValues.visitToken || initialTrackingValues.uniqueToken !== latestTrackingValues.uniqueToken) {
+        revalidate();
+      }
       if (onVisitorConsentCollected) {
+        const customerPrivacy = getCustomerPrivacy();
+        if (customerPrivacy?.shouldShowBanner()) {
+          const consentValues = customerPrivacy.currentVisitorConsent();
+          if (consentValues) {
+            const NO_VALUE = "";
+            const noInteraction = consentValues.marketing === NO_VALUE && consentValues.analytics === NO_VALUE && consentValues.preferences === NO_VALUE;
+            if (noInteraction) {
+              return;
+            }
+          }
+        }
         onVisitorConsentCollected(event.detail);
       }
     };
@@ -4291,14 +4511,11 @@ function useCustomerPrivacy(props) {
       },
       set(value) {
         if (typeof value === "object" && value !== null && "showPreferences" in value && "loadBanner" in value) {
-          const privacyBanner = value;
-          privacyBanner.loadBanner(config);
           customPrivacyBanner = overridePrivacyBannerMethods({
-            privacyBanner,
+            privacyBanner: value,
             config
           });
           setLoaded.privacyBanner();
-          emitCustomerPrivacyApiLoaded();
         }
       }
     };
@@ -4332,6 +4549,8 @@ function useCustomerPrivacy(props) {
                 const customerPrivacy = value2;
                 customCustomerPrivacy = {
                   ...customerPrivacy,
+                  // Note: this method is not used by the privacy-banner,
+                  // it bundles its own setTrackingConsent.
                   setTrackingConsent: overrideCustomerPrivacySetTrackingConsent(
                     { customerPrivacy, config }
                   )
@@ -4341,7 +4560,6 @@ function useCustomerPrivacy(props) {
                   customerPrivacy: customCustomerPrivacy
                 };
                 setLoaded.customerPrivacy();
-                emitCustomerPrivacyApiLoaded();
               }
             }
           });
@@ -4353,6 +4571,24 @@ function useCustomerPrivacy(props) {
     overrideCustomerPrivacySetTrackingConsent,
     setLoaded.customerPrivacy
   ]);
+  react.useEffect(() => {
+    if (!apisLoaded || !cookiesReady) return;
+    const customerPrivacy = getCustomerPrivacy();
+    if (customerPrivacy && !customerPrivacy.cachedConsent) {
+      const trackingValues = hydrogenReact.getTrackingValues();
+      if (trackingValues.consent) {
+        customerPrivacy.cachedConsent = trackingValues.consent;
+      }
+    }
+    if (withPrivacyBanner) {
+      const privacyBanner = getPrivacyBanner();
+      if (privacyBanner) {
+        privacyBanner.loadBanner(config);
+      }
+    }
+    emitCustomerPrivacyApiLoaded();
+    onReady?.();
+  }, [apisLoaded, cookiesReady]);
   const result = {
     customerPrivacy: getCustomerPrivacy()
   };
@@ -4368,15 +4604,12 @@ function emitCustomerPrivacyApiLoaded() {
   const event = new CustomEvent("shopifyCustomerPrivacyApiLoaded");
   document.dispatchEvent(event);
 }
-function useApisLoaded({
-  withPrivacyBanner,
-  onLoaded
-}) {
+function useApisLoaded({ withPrivacyBanner }) {
   const observing = react.useRef({ customerPrivacy: false, privacyBanner: false });
-  const [apisLoaded, setApisLoaded] = react.useState(
+  const [apisLoadedArray, setApisLoaded] = react.useState(
     withPrivacyBanner ? [false, false] : [false]
   );
-  const loaded = apisLoaded.every(Boolean);
+  const apisLoaded = apisLoadedArray.every(Boolean);
   const setLoaded = {
     customerPrivacy: () => {
       if (withPrivacyBanner) {
@@ -4392,16 +4625,11 @@ function useApisLoaded({
       setApisLoaded((prev) => [prev[0], true]);
     }
   };
-  react.useEffect(() => {
-    if (loaded && onLoaded) {
-      onLoaded();
-    }
-  }, [loaded, onLoaded]);
-  return { observing, setLoaded };
+  return { observing, setLoaded, apisLoaded };
 }
 function parseStoreDomain(checkoutDomain) {
   if (typeof window === "undefined") return;
-  const host = window.document.location.host;
+  const host = window.location.host;
   const checkoutDomainParts = checkoutDomain.split(".").reverse();
   const currentDomainParts = host.split(".").reverse();
   const sameDomainParts = [];
@@ -4410,7 +4638,7 @@ function parseStoreDomain(checkoutDomain) {
       sameDomainParts.push(part);
     }
   });
-  return sameDomainParts.reverse().join(".");
+  return sameDomainParts.reverse().join(".") || void 0;
 }
 function overrideCustomerPrivacySetTrackingConsent({
   customerPrivacy,
@@ -4468,7 +4696,7 @@ function getPrivacyBanner() {
 }
 
 // package.json
-var version = "2024.7.9";
+var version = "2024.7.10";
 
 // src/analytics-manager/ShopifyAnalytics.tsx
 function getCustomerPrivacyRequired() {
@@ -4488,6 +4716,7 @@ function ShopifyAnalytics({
   const { subscribe: subscribe2, register: register2, canTrack } = useAnalytics();
   const [shopifyReady, setShopifyReady] = react.useState(false);
   const [privacyReady, setPrivacyReady] = react.useState(false);
+  const [collectedConsent, setCollectedConsent] = react.useState("");
   const init = react.useRef(false);
   const { checkoutDomain, storefrontAccessToken, language } = consent;
   const { ready: shopifyAnalyticsReady } = register2("Internal_Shopify_Analytics");
@@ -4496,14 +4725,31 @@ function ShopifyAnalytics({
     locale: language,
     checkoutDomain: !checkoutDomain ? "mock.shop" : checkoutDomain,
     storefrontAccessToken: !storefrontAccessToken ? "abcdefghijklmnopqrstuvwxyz123456" : storefrontAccessToken,
-    onVisitorConsentCollected: () => setPrivacyReady(true),
-    onReady: () => setPrivacyReady(true)
+    // If we use privacy banner, we should wait until consent is collected.
+    // Otherwise, we can consider privacy ready immediately:
+    onReady: () => !consent.withPrivacyBanner && setPrivacyReady(true),
+    onVisitorConsentCollected: (consent2) => {
+      try {
+        setCollectedConsent(JSON.stringify(consent2));
+      } catch (e) {
+      }
+      setPrivacyReady(true);
+    }
   });
+  const hasUserConsent = react.useMemo(
+    // must be initialized with true to avoid removing cookies too early
+    () => privacyReady ? canTrack() : true,
+    // Make this value depend on collectedConsent to re-run `canTrack()` when consent changes
+    [privacyReady, canTrack, collectedConsent]
+  );
   hydrogenReact.useShopifyCookies({
-    hasUserConsent: privacyReady ? canTrack() : true,
-    // must be initialized with true
+    hasUserConsent,
     domain,
-    checkoutDomain
+    checkoutDomain,
+    // Already done inside useCustomerPrivacy
+    fetchTrackingValues: false,
+    // Avoid creating local cookies too early
+    ignoreDeprecatedCookies: !privacyReady
   });
   react.useEffect(() => {
     if (init.current) return;
@@ -4553,11 +4799,11 @@ function prepareBasePageViewPayload(payload) {
     ...payload.shop,
     hasUserConsent,
     ...hydrogenReact.getClientBrowserParameters(),
-    ccpaEnforced: !customerPrivacy.saleOfDataAllowed(),
-    gdprEnforced: !(customerPrivacy.marketingAllowed() && customerPrivacy.analyticsProcessingAllowed()),
     analyticsAllowed: customerPrivacy.analyticsProcessingAllowed(),
     marketingAllowed: customerPrivacy.marketingAllowed(),
-    saleOfDataAllowed: customerPrivacy.saleOfDataAllowed()
+    saleOfDataAllowed: customerPrivacy.saleOfDataAllowed(),
+    ccpaEnforced: !customerPrivacy.saleOfDataAllowed(),
+    gdprEnforced: !(customerPrivacy.marketingAllowed() && customerPrivacy.analyticsProcessingAllowed())
   };
   return eventPayload;
 }
@@ -4974,11 +5220,11 @@ function AnalyticsProvider({
   shop: shopProp = null,
   cookieDomain
 }) {
-  const listenerSet = react.useRef(false);
   const { shop } = useShopAnalytics(shopProp);
   const [analyticsLoaded, setAnalyticsLoaded] = react.useState(
     customCanTrack ? true : false
   );
+  const [consentCollected, setConsentCollected] = react.useState(false);
   const [carts, setCarts] = react.useState({ cart: null, prevCart: null });
   const [canTrack, setCanTrack] = react.useState(
     customCanTrack ? () => customCanTrack : () => shopifyCanTrack
@@ -5046,21 +5292,21 @@ function AnalyticsProvider({
     children,
     !!shop && /* @__PURE__ */ jsxRuntime.jsx(AnalyticsPageView, {}),
     !!shop && !!currentCart && /* @__PURE__ */ jsxRuntime.jsx(CartAnalytics, { cart: currentCart, setCarts }),
-    !!shop && consent.checkoutDomain && /* @__PURE__ */ jsxRuntime.jsx(
+    !!shop && /* @__PURE__ */ jsxRuntime.jsx(
       ShopifyAnalytics,
       {
         consent,
         onReady: () => {
-          listenerSet.current = true;
           setAnalyticsLoaded(true);
           setCanTrack(
             customCanTrack ? () => customCanTrack : () => shopifyCanTrack
           );
+          setConsentCollected(true);
         },
         domain: cookieDomain
       }
     ),
-    !!shop && /* @__PURE__ */ jsxRuntime.jsx(PerfKit, { shop })
+    !!shop && consentCollected && /* @__PURE__ */ jsxRuntime.jsx(PerfKit, { shop })
   ] });
 }
 function useAnalytics() {
@@ -5221,8 +5467,63 @@ function getStorefrontHeaders(request) {
   return {
     requestGroupId: getHeader(request, "request-id"),
     buyerIp: getHeader(request, "oxygen-buyer-ip"),
+    buyerIpSig: getHeader(request, "X-Shopify-Client-IP-Sig"),
     cookie: getHeader(request, "cookie"),
-    purpose: getHeader(request, "purpose")
+    purpose: getHeader(request, "sec-purpose") || getHeader(request, "purpose")
+  };
+}
+function createRequestHandler({
+  build,
+  mode,
+  poweredByHeader = true,
+  getLoadContext,
+  collectTrackingInformation = true,
+  proxyStandardRoutes = true
+}) {
+  const handleRequest = serverRuntime.createRequestHandler(build, mode);
+  const appendPoweredByHeader = poweredByHeader ? (response) => response.headers.append("powered-by", "Shopify, Hydrogen") : void 0;
+  return async (request) => {
+    const method = request.method;
+    if ((method === "GET" || method === "HEAD") && request.body) {
+      return new Response(`${method} requests cannot have a body`, {
+        status: 400
+      });
+    }
+    const url = new URL(request.url);
+    if (url.pathname.includes("//")) {
+      return new Response(null, {
+        status: 301,
+        headers: {
+          location: url.pathname.replace(/\/+/g, "/")
+        }
+      });
+    }
+    const context = getLoadContext ? await getLoadContext(request) : void 0;
+    const storefront = context?.storefront;
+    if (proxyStandardRoutes) {
+      if (!storefront) {
+        warnOnce(
+          "[h2:createRequestHandler] Storefront instance is required to proxy standard routes."
+        );
+      }
+      if (storefront?.isStorefrontApiUrl(request)) {
+        const response2 = await storefront.forward(request);
+        appendPoweredByHeader?.(response2);
+        return response2;
+      }
+    }
+    const response = await handleRequest(request, context);
+    if (storefront && proxyStandardRoutes) {
+      if (collectTrackingInformation) {
+        storefront.setCollectedSubrequestHeaders(response);
+      }
+      const fetchDest = request.headers.get("sec-fetch-dest");
+      if (fetchDest && fetchDest === "document" || request.headers.get("accept")?.includes("text/html")) {
+        appendServerTimingHeader(response, { [HYDROGEN_SFAPI_PROXY_KEY]: "1" });
+      }
+    }
+    appendPoweredByHeader?.(response);
+    return response;
   };
 }
 
@@ -5565,6 +5866,10 @@ Object.defineProperty(exports, "getShopifyCookies", {
   enumerable: true,
   get: function () { return hydrogenReact.getShopifyCookies; }
 });
+Object.defineProperty(exports, "getTrackingValues", {
+  enumerable: true,
+  get: function () { return hydrogenReact.getTrackingValues; }
+});
 Object.defineProperty(exports, "parseGid", {
   enumerable: true,
   get: function () { return hydrogenReact.parseGid; }
@@ -5628,6 +5933,7 @@ exports.createCartHandler = createCartHandler;
 exports.createContentSecurityPolicy = createContentSecurityPolicy;
 exports.createCustomerAccountClient = createCustomerAccountClient;
 exports.createHydrogenContext = createHydrogenContext;
+exports.createRequestHandler = createRequestHandler;
 exports.createStorefrontClient = createStorefrontClient;
 exports.createWithCache = createWithCache;
 exports.formatAPIResult = formatAPIResult;