@shopify/hydrogen 2025.4.0 → 2025.4.2

package/dist/development/index.cjs

@@ -5,6 +5,7 @@ var react$1 = require('@remix-run/react');
 var jsxRuntime = require('react/jsx-runtime');
 var hydrogenReact = require('@shopify/hydrogen-react');
 var cookie = require('worktop/cookie');
+var serverRuntime = require('@remix-run/server-runtime');
 var cspBuilder = require('content-security-policy-builder');
 require('url');
 require('path');
@@ -170,7 +171,62 @@ var AnalyticsEvent = {
   // Custom
   CUSTOM_EVENT: `custom_`
 };
-var CONSENT_API = "https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js";
+
+// src/constants.ts
+var STOREFRONT_REQUEST_GROUP_ID_HEADER = "Custom-Storefront-Request-Group-ID";
+var STOREFRONT_ACCESS_TOKEN_HEADER = "X-Shopify-Storefront-Access-Token";
+var SDK_VARIANT_HEADER = "X-SDK-Variant";
+var SDK_VARIANT_SOURCE_HEADER = "X-SDK-Variant-Source";
+var SDK_VERSION_HEADER = "X-SDK-Version";
+var SHOPIFY_CLIENT_IP_HEADER = "X-Shopify-Client-IP";
+var SHOPIFY_CLIENT_IP_SIG_HEADER = "X-Shopify-Client-IP-Sig";
+var HYDROGEN_SFAPI_PROXY_KEY = "_sfapi_proxy";
+var HYDROGEN_SERVER_TRACKING_KEY = "_server_tracking";
+
+// src/utils/server-timing.ts
+function buildServerTimingHeader(values) {
+  return Object.entries(values).map(([key, value]) => value ? `${key};desc=${value}` : void 0).filter(Boolean).join(", ");
+}
+function appendServerTimingHeader(response, values) {
+  const header = typeof values === "string" ? values : buildServerTimingHeader(values);
+  if (header) {
+    response.headers.append("Server-Timing", header);
+  }
+}
+var trackedTimings = ["_y", "_s", "_cmp"];
+function extractServerTimingHeader(serverTimingHeader) {
+  const values = {};
+  if (!serverTimingHeader) return values;
+  const re = new RegExp(
+    `\\b(${trackedTimings.join("|")});desc="?([^",]+)"?`,
+    "g"
+  );
+  let match;
+  while ((match = re.exec(serverTimingHeader)) !== null) {
+    values[match[1]] = match[2];
+  }
+  return values;
+}
+function hasServerTimingInNavigationEntry(key) {
+  if (typeof window === "undefined") return false;
+  try {
+    const navigationEntry = window.performance.getEntriesByType(
+      "navigation"
+    )[0];
+    return !!navigationEntry?.serverTiming?.some((entry) => entry.name === key);
+  } catch (e) {
+    return false;
+  }
+}
+function isSfapiProxyEnabled() {
+  return hasServerTimingInNavigationEntry(HYDROGEN_SFAPI_PROXY_KEY);
+}
+function hasServerReturnedTrackingValues() {
+  return hasServerTimingInNavigationEntry(HYDROGEN_SERVER_TRACKING_KEY);
+}
+
+// src/customer-privacy/ShopifyCustomerPrivacy.tsx
+var CONSENT_API = "https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.2/consent-tracking-api.js";
 var CONSENT_API_WITH_BANNER = "https://cdn.shopify.com/shopifycloud/privacy-banner/storefront-banner.js";
 function logMissingConfig(fieldName) {
   console.error(
@@ -182,19 +238,34 @@ function useCustomerPrivacy(props) {
     withPrivacyBanner = false,
     onVisitorConsentCollected,
     onReady,
-    ...consentConfig
+    checkoutDomain,
+    storefrontAccessToken,
+    country,
+    locale,
+    sameDomainForStorefrontApi
   } = props;
+  const hasSfapiProxy = react.useMemo(
+    () => sameDomainForStorefrontApi ?? isSfapiProxyEnabled(),
+    [sameDomainForStorefrontApi]
+  );
+  const fetchTrackingValuesFromBrowser = react.useMemo(
+    () => hasSfapiProxy && !hasServerReturnedTrackingValues(),
+    [hasSfapiProxy]
+  );
+  const cookiesReady = hydrogenReact.useShopifyCookies({
+    fetchTrackingValues: fetchTrackingValuesFromBrowser,
+    storefrontAccessToken,
+    ignoreDeprecatedCookies: true
+  });
+  const initialTrackingValues = react.useMemo(hydrogenReact.getTrackingValues, [cookiesReady]);
+  const { revalidate } = react$1.useRevalidator();
   hydrogenReact.useLoadScript(withPrivacyBanner ? CONSENT_API_WITH_BANNER : CONSENT_API, {
     attributes: {
       id: "customer-privacy-api"
     }
   });
-  const { observing, setLoaded } = useApisLoaded({
-    withPrivacyBanner,
-    onLoaded: onReady
-  });
+  const { observing, setLoaded, apisLoaded } = useApisLoaded({ withPrivacyBanner });
   const config = react.useMemo(() => {
-    const { checkoutDomain, storefrontAccessToken } = consentConfig;
     if (!checkoutDomain) logMissingConfig("checkoutDomain");
     if (!storefrontAccessToken) logMissingConfig("storefrontAccessToken");
     if (storefrontAccessToken.startsWith("shpat_") || storefrontAccessToken.length !== 32) {
@@ -202,18 +273,50 @@ function useCustomerPrivacy(props) {
         `[h2:error:useCustomerPrivacy] It looks like you passed a private access token, make sure to use the public token`
       );
     }
+    const commonAncestorDomain = parseStoreDomain(checkoutDomain);
+    const sfapiDomain = (
+      // Check if standard route proxy is enabled in Hydrogen server
+      // to use it instead of doing a cross-origin request to checkout.
+      hasSfapiProxy && typeof window !== "undefined" ? window.location.host : checkoutDomain
+    );
     const config2 = {
-      checkoutRootDomain: checkoutDomain,
+      // This domain is used to send requests to SFAPI for setting and getting consent.
+      checkoutRootDomain: sfapiDomain,
+      // Prefix with a dot to ensure this domain is different from checkoutRootDomain.
+      // This will ensure old cookies are set for a cross-subdomain checkout setup
+      // so that we keep backward compatibility until new cookies are rolled out.
+      // Once consent-tracking-api is updated to not rely on cookies anymore, we can remove this.
+      storefrontRootDomain: commonAncestorDomain ? "." + commonAncestorDomain : void 0,
       storefrontAccessToken,
-      storefrontRootDomain: parseStoreDomain(checkoutDomain),
-      country: consentConfig.country,
-      locale: consentConfig.locale
+      country,
+      locale
     };
     return config2;
-  }, [consentConfig, parseStoreDomain, logMissingConfig]);
+  }, [
+    logMissingConfig,
+    checkoutDomain,
+    storefrontAccessToken,
+    country,
+    locale
+  ]);
   react.useEffect(() => {
     const consentCollectedHandler = (event) => {
+      const latestTrackingValues = hydrogenReact.getTrackingValues();
+      if (initialTrackingValues.visitToken !== latestTrackingValues.visitToken || initialTrackingValues.uniqueToken !== latestTrackingValues.uniqueToken) {
+        revalidate();
+      }
       if (onVisitorConsentCollected) {
+        const customerPrivacy = getCustomerPrivacy();
+        if (customerPrivacy?.shouldShowBanner()) {
+          const consentValues = customerPrivacy.currentVisitorConsent();
+          if (consentValues) {
+            const NO_VALUE = "";
+            const noInteraction = consentValues.marketing === NO_VALUE && consentValues.analytics === NO_VALUE && consentValues.preferences === NO_VALUE;
+            if (noInteraction) {
+              return;
+            }
+          }
+        }
         onVisitorConsentCollected(event.detail);
       }
     };
@@ -239,14 +342,11 @@ function useCustomerPrivacy(props) {
       },
       set(value) {
         if (typeof value === "object" && value !== null && "showPreferences" in value && "loadBanner" in value) {
-          const privacyBanner = value;
-          privacyBanner.loadBanner(config);
           customPrivacyBanner = overridePrivacyBannerMethods({
-            privacyBanner,
+            privacyBanner: value,
             config
           });
           setLoaded.privacyBanner();
-          emitCustomerPrivacyApiLoaded();
         }
       }
     };
@@ -280,6 +380,8 @@ function useCustomerPrivacy(props) {
                 const customerPrivacy = value2;
                 customCustomerPrivacy = {
                   ...customerPrivacy,
+                  // Note: this method is not used by the privacy-banner,
+                  // it bundles its own setTrackingConsent.
                   setTrackingConsent: overrideCustomerPrivacySetTrackingConsent(
                     { customerPrivacy, config }
                   )
@@ -289,7 +391,6 @@ function useCustomerPrivacy(props) {
                   customerPrivacy: customCustomerPrivacy
                 };
                 setLoaded.customerPrivacy();
-                emitCustomerPrivacyApiLoaded();
               }
             }
           });
@@ -301,6 +402,24 @@ function useCustomerPrivacy(props) {
     overrideCustomerPrivacySetTrackingConsent,
     setLoaded.customerPrivacy
   ]);
+  react.useEffect(() => {
+    if (!apisLoaded || !cookiesReady) return;
+    const customerPrivacy = getCustomerPrivacy();
+    if (customerPrivacy && !customerPrivacy.cachedConsent) {
+      const trackingValues = hydrogenReact.getTrackingValues();
+      if (trackingValues.consent) {
+        customerPrivacy.cachedConsent = trackingValues.consent;
+      }
+    }
+    if (withPrivacyBanner) {
+      const privacyBanner = getPrivacyBanner();
+      if (privacyBanner) {
+        privacyBanner.loadBanner(config);
+      }
+    }
+    emitCustomerPrivacyApiLoaded();
+    onReady?.();
+  }, [apisLoaded, cookiesReady]);
   const result = {
     customerPrivacy: getCustomerPrivacy()
   };
@@ -316,15 +435,12 @@ function emitCustomerPrivacyApiLoaded() {
   const event = new CustomEvent("shopifyCustomerPrivacyApiLoaded");
   document.dispatchEvent(event);
 }
-function useApisLoaded({
-  withPrivacyBanner,
-  onLoaded
-}) {
+function useApisLoaded({ withPrivacyBanner }) {
   const observing = react.useRef({ customerPrivacy: false, privacyBanner: false });
-  const [apisLoaded, setApisLoaded] = react.useState(
+  const [apisLoadedArray, setApisLoaded] = react.useState(
     withPrivacyBanner ? [false, false] : [false]
   );
-  const loaded = apisLoaded.every(Boolean);
+  const apisLoaded = apisLoadedArray.every(Boolean);
   const setLoaded = {
     customerPrivacy: () => {
       if (withPrivacyBanner) {
@@ -340,16 +456,11 @@ function useApisLoaded({
       setApisLoaded((prev) => [prev[0], true]);
     }
   };
-  react.useEffect(() => {
-    if (loaded && onLoaded) {
-      onLoaded();
-    }
-  }, [loaded, onLoaded]);
-  return { observing, setLoaded };
+  return { observing, setLoaded, apisLoaded };
 }
 function parseStoreDomain(checkoutDomain) {
   if (typeof window === "undefined") return;
-  const host = window.document.location.host;
+  const host = window.location.host;
   const checkoutDomainParts = checkoutDomain.split(".").reverse();
   const currentDomainParts = host.split(".").reverse();
   const sameDomainParts = [];
@@ -358,7 +469,7 @@ function parseStoreDomain(checkoutDomain) {
       sameDomainParts.push(part);
     }
   });
-  return sameDomainParts.reverse().join(".");
+  return sameDomainParts.reverse().join(".") || void 0;
 }
 function overrideCustomerPrivacySetTrackingConsent({
   customerPrivacy,
@@ -416,7 +527,7 @@ function getPrivacyBanner() {
 }
 
 // package.json
-var version = "2025.4.0";
+var version = "2025.4.2";
 
 // src/analytics-manager/ShopifyAnalytics.tsx
 function getCustomerPrivacyRequired() {
@@ -436,6 +547,7 @@ function ShopifyAnalytics({
   const { subscribe: subscribe2, register: register2, canTrack } = useAnalytics();
   const [shopifyReady, setShopifyReady] = react.useState(false);
   const [privacyReady, setPrivacyReady] = react.useState(false);
+  const [collectedConsent, setCollectedConsent] = react.useState("");
   const init = react.useRef(false);
   const { checkoutDomain, storefrontAccessToken, language } = consent;
   const { ready: shopifyAnalyticsReady } = register2("Internal_Shopify_Analytics");
@@ -444,14 +556,31 @@ function ShopifyAnalytics({
     locale: language,
     checkoutDomain: !checkoutDomain ? "mock.shop" : checkoutDomain,
     storefrontAccessToken: !storefrontAccessToken ? "abcdefghijklmnopqrstuvwxyz123456" : storefrontAccessToken,
-    onVisitorConsentCollected: () => setPrivacyReady(true),
-    onReady: () => setPrivacyReady(true)
+    // If we use privacy banner, we should wait until consent is collected.
+    // Otherwise, we can consider privacy ready immediately:
+    onReady: () => !consent.withPrivacyBanner && setPrivacyReady(true),
+    onVisitorConsentCollected: (consent2) => {
+      try {
+        setCollectedConsent(JSON.stringify(consent2));
+      } catch (e) {
+      }
+      setPrivacyReady(true);
+    }
   });
+  const hasUserConsent = react.useMemo(
+    // must be initialized with true to avoid removing cookies too early
+    () => privacyReady ? canTrack() : true,
+    // Make this value depend on collectedConsent to re-run `canTrack()` when consent changes
+    [privacyReady, canTrack, collectedConsent]
+  );
   hydrogenReact.useShopifyCookies({
-    hasUserConsent: privacyReady ? canTrack() : true,
-    // must be initialized with true
+    hasUserConsent,
     domain,
-    checkoutDomain
+    checkoutDomain,
+    // Already done inside useCustomerPrivacy
+    fetchTrackingValues: false,
+    // Avoid creating local cookies too early
+    ignoreDeprecatedCookies: !privacyReady
   });
   react.useEffect(() => {
     if (init.current) return;
@@ -501,11 +630,11 @@ function prepareBasePageViewPayload(payload) {
     ...payload.shop,
     hasUserConsent,
     ...hydrogenReact.getClientBrowserParameters(),
-    ccpaEnforced: !customerPrivacy.saleOfDataAllowed(),
-    gdprEnforced: !(customerPrivacy.marketingAllowed() && customerPrivacy.analyticsProcessingAllowed()),
     analyticsAllowed: customerPrivacy.analyticsProcessingAllowed(),
     marketingAllowed: customerPrivacy.marketingAllowed(),
-    saleOfDataAllowed: customerPrivacy.saleOfDataAllowed()
+    saleOfDataAllowed: customerPrivacy.saleOfDataAllowed(),
+    ccpaEnforced: !customerPrivacy.saleOfDataAllowed(),
+    gdprEnforced: !(customerPrivacy.marketingAllowed() && customerPrivacy.analyticsProcessingAllowed())
   };
   return eventPayload;
 }
@@ -938,11 +1067,11 @@ function AnalyticsProvider({
   shop: shopProp = null,
   cookieDomain
 }) {
-  const listenerSet = react.useRef(false);
   const { shop } = useShopAnalytics(shopProp);
   const [analyticsLoaded, setAnalyticsLoaded] = react.useState(
     customCanTrack ? true : false
   );
+  const [consentCollected, setConsentCollected] = react.useState(false);
   const [carts, setCarts] = react.useState({ cart: null, prevCart: null });
   const [canTrack, setCanTrack] = react.useState(
     customCanTrack ? () => customCanTrack : () => shopifyCanTrack
@@ -1010,21 +1139,21 @@ function AnalyticsProvider({
     children,
     !!shop && /* @__PURE__ */ jsxRuntime.jsx(AnalyticsPageView, {}),
     !!shop && !!currentCart && /* @__PURE__ */ jsxRuntime.jsx(CartAnalytics, { cart: currentCart, setCarts }),
-    !!shop && consent.checkoutDomain && /* @__PURE__ */ jsxRuntime.jsx(
+    !!shop && /* @__PURE__ */ jsxRuntime.jsx(
       ShopifyAnalytics,
       {
         consent,
         onReady: () => {
-          listenerSet.current = true;
           setAnalyticsLoaded(true);
           setCanTrack(
             customCanTrack ? () => customCanTrack : () => shopifyCanTrack
           );
+          setConsentCollected(true);
         },
         domain: cookieDomain
       }
     ),
-    !!shop && /* @__PURE__ */ jsxRuntime.jsx(PerfKit, { shop })
+    !!shop && consentCollected && /* @__PURE__ */ jsxRuntime.jsx(PerfKit, { shop })
   ] });
 }
 function useAnalytics() {
@@ -1103,6 +1232,21 @@ function getDebugHeaders(request) {
     purpose: request ? getHeader(request, "purpose") : void 0
   };
 }
+var SFAPI_RE = /^\/api\/(unstable|2\d{3}-\d{2})\/graphql\.json$/;
+var getSafePathname = (url) => {
+  try {
+    return new URL(url, "http://e.c").pathname;
+  } catch {
+    return "/";
+  }
+};
+function extractHeaders(extract, keys) {
+  return keys.reduce((acc, key) => {
+    const forwardedValue = extract(key);
+    if (forwardedValue) acc.push([key, forwardedValue]);
+    return acc;
+  }, []);
+}
 
 // src/utils/callsites.ts
 function withSyncStack(promise, options = {}) {
@@ -1472,13 +1616,16 @@ async function runWithCache(cacheKey, actionFn, {
 }
 
 // src/cache/server-fetch.ts
+var excludedHeaders = ["set-cookie", "server-timing"];
 function toSerializableResponse(body, response) {
   return [
     body,
     {
       status: response.status,
       statusText: response.statusText,
-      headers: Array.from(response.headers.entries())
+      headers: [...response.headers].filter(
+        ([key]) => !excludedHeaders.includes(key.toLowerCase())
+      )
     }
   ];
 }
@@ -1491,7 +1638,8 @@ async function fetchWithServerCache(url, requestInit, {
   cacheKey = [url, requestInit],
   shouldCacheResponse,
   waitUntil,
-  debugInfo
+  debugInfo,
+  onRawHeaders
 }) {
   if (!cacheOptions && (!requestInit.method || requestInit.method === "GET")) {
     cacheOptions = CacheShort();
@@ -1500,6 +1648,7 @@ async function fetchWithServerCache(url, requestInit, {
     cacheKey,
     async () => {
       const response = await fetch(url, requestInit);
+      onRawHeaders?.(response.headers);
       if (!response.ok) {
         return response;
       }
@@ -1722,13 +1871,6 @@ var cartSetIdDefault = (cookieOptions) => {
   };
 };
 
-// src/constants.ts
-var STOREFRONT_REQUEST_GROUP_ID_HEADER = "Custom-Storefront-Request-Group-ID";
-var STOREFRONT_ACCESS_TOKEN_HEADER = "X-Shopify-Storefront-Access-Token";
-var SDK_VARIANT_HEADER = "X-SDK-Variant";
-var SDK_VARIANT_SOURCE_HEADER = "X-SDK-Variant-Source";
-var SDK_VERSION_HEADER = "X-SDK-Version";
-
 // src/utils/uuid.ts
 function generateUUID() {
   if (typeof crypto !== "undefined" && !!crypto.randomUUID) {
@@ -1739,7 +1881,7 @@ function generateUUID() {
 }
 
 // src/version.ts
-var LIB_VERSION = "2025.4.0";
+var LIB_VERSION = "2025.4.2";
 
 // src/utils/graphql.ts
 function minifyQuery(string) {
@@ -1900,16 +2042,34 @@ function createStorefrontClient(options) {
     contentType: "json",
     buyerIp: storefrontHeaders?.buyerIp || ""
   });
+  if (storefrontHeaders?.buyerIp) {
+    defaultHeaders[SHOPIFY_CLIENT_IP_HEADER] = storefrontHeaders.buyerIp;
+  }
+  if (storefrontHeaders?.buyerIpSig) {
+    defaultHeaders[SHOPIFY_CLIENT_IP_SIG_HEADER] = storefrontHeaders.buyerIpSig;
+  }
   defaultHeaders[STOREFRONT_REQUEST_GROUP_ID_HEADER] = storefrontHeaders?.requestGroupId || generateUUID();
   if (storefrontId) defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_ID_HEADER] = storefrontId;
   defaultHeaders["user-agent"] = `Hydrogen ${LIB_VERSION}`;
-  if (storefrontHeaders && storefrontHeaders.cookie) {
-    const cookies = hydrogenReact.getShopifyCookies(storefrontHeaders.cookie ?? "");
-    if (cookies[hydrogenReact.SHOPIFY_Y])
-      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_Y_HEADER] = cookies[hydrogenReact.SHOPIFY_Y];
-    if (cookies[hydrogenReact.SHOPIFY_S])
-      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_S_HEADER] = cookies[hydrogenReact.SHOPIFY_S];
+  const requestCookie = storefrontHeaders?.cookie ?? "";
+  if (requestCookie) defaultHeaders["cookie"] = requestCookie;
+  let uniqueToken;
+  let visitToken;
+  if (!/\b_shopify_(analytics|marketing)=/.test(requestCookie)) {
+    const legacyUniqueToken = requestCookie.match(/\b_shopify_y=([^;]+)/)?.[1];
+    const legacyVisitToken = requestCookie.match(/\b_shopify_s=([^;]+)/)?.[1];
+    if (legacyUniqueToken) {
+      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_Y_HEADER] = legacyUniqueToken;
+    }
+    if (legacyVisitToken) {
+      defaultHeaders[hydrogenReact.SHOPIFY_STOREFRONT_S_HEADER] = legacyVisitToken;
+    }
+    uniqueToken = legacyUniqueToken ?? generateUUID();
+    visitToken = legacyVisitToken ?? generateUUID();
+    defaultHeaders[hydrogenReact.SHOPIFY_UNIQUE_TOKEN_HEADER] = uniqueToken;
+    defaultHeaders[hydrogenReact.SHOPIFY_VISIT_TOKEN_HEADER] = visitToken;
   }
+  let collectedSubrequestHeaders;
   const cacheKeyHeader = JSON.stringify({
     "content-type": defaultHeaders["content-type"],
     "user-agent": defaultHeaders["user-agent"],
@@ -1971,6 +2131,13 @@ function createStorefrontClient(options) {
         stackInfo,
         graphql: graphqlData,
         purpose: storefrontHeaders?.purpose
+      },
+      onRawHeaders: (headers2) => {
+        collectedSubrequestHeaders ??= {
+          // `getSetCookie` may not be available in all environments (e.g., classic Remix compiler)
+          setCookie: typeof headers2.getSetCookie === "function" ? headers2.getSetCookie() : [],
+          serverTiming: headers2.get("server-timing") ?? ""
+        };
       }
     });
     const errorOptions = {
@@ -2069,9 +2236,90 @@ function createStorefrontClient(options) {
       generateCacheControlHeader,
       getPublicTokenHeaders,
       getPrivateTokenHeaders,
+      getHeaders: () => ({ ...defaultHeaders }),
       getShopifyDomain,
       getApiUrl: getStorefrontApiUrl,
-      i18n: i18n ?? defaultI18n
+      i18n: i18n ?? defaultI18n,
+      /**
+       * Checks if the request is targeting the Storefront API endpoint.
+       */
+      isStorefrontApiUrl(request) {
+        return SFAPI_RE.test(getSafePathname(request.url ?? ""));
+      },
+      /**
+       * Forwards the request to the Storefront API.
+       */
+      async forward(request, options2) {
+        const forwardedHeaders = new Headers([
+          // Forward only a selected set of headers to the Storefront API
+          // to avoid getting 403 errors due to unexpected headers.
+          ...extractHeaders(
+            (key) => request.headers.get(key),
+            [
+              "accept",
+              "accept-encoding",
+              "accept-language",
+              // Access-Control headers are used for CORS preflight requests.
+              "access-control-request-headers",
+              "access-control-request-method",
+              "content-type",
+              "content-length",
+              "cookie",
+              "origin",
+              "referer",
+              "user-agent",
+              STOREFRONT_ACCESS_TOKEN_HEADER,
+              hydrogenReact.SHOPIFY_UNIQUE_TOKEN_HEADER,
+              hydrogenReact.SHOPIFY_VISIT_TOKEN_HEADER
+            ]
+          ),
+          // Add some headers to help with geolocalization and debugging
+          ...extractHeaders(
+            (key) => defaultHeaders[key],
+            [
+              SHOPIFY_CLIENT_IP_HEADER,
+              SHOPIFY_CLIENT_IP_SIG_HEADER,
+              hydrogenReact.SHOPIFY_STOREFRONT_ID_HEADER,
+              STOREFRONT_REQUEST_GROUP_ID_HEADER
+            ]
+          )
+        ]);
+        if (storefrontHeaders?.buyerIp) {
+          forwardedHeaders.set("x-forwarded-for", storefrontHeaders.buyerIp);
+        }
+        const storefrontApiVersion = options2?.storefrontApiVersion ?? getSafePathname(request.url).match(SFAPI_RE)?.[1];
+        const sfapiResponse = await fetch(
+          getStorefrontApiUrl({ storefrontApiVersion }),
+          {
+            method: request.method,
+            body: request.body,
+            headers: forwardedHeaders
+          }
+        );
+        return new Response(sfapiResponse.body, sfapiResponse);
+      },
+      setCollectedSubrequestHeaders: (response) => {
+        if (collectedSubrequestHeaders) {
+          for (const value of collectedSubrequestHeaders.setCookie) {
+            response.headers.append("Set-Cookie", value);
+          }
+        }
+        const serverTiming = extractServerTimingHeader(
+          collectedSubrequestHeaders?.serverTiming
+        );
+        const isDocumentResponse = response.headers.get("content-type")?.startsWith("text/html");
+        const fallbackValues = isDocumentResponse ? { _y: uniqueToken, _s: visitToken } : void 0;
+        appendServerTimingHeader(response, {
+          ...fallbackValues,
+          ...serverTiming
+        });
+        if (isDocumentResponse && collectedSubrequestHeaders && // _shopify_essential cookie is always set, but we need more than that
+        collectedSubrequestHeaders.setCookie.length > 1 && serverTiming?._y && serverTiming?._s && serverTiming?._cmp) {
+          appendServerTimingHeader(response, {
+            [HYDROGEN_SERVER_TRACKING_KEY]: "1"
+          });
+        }
+      }
     }
   };
 }
@@ -2868,7 +3116,8 @@ function createCartHandler(options) {
     storefront,
     customerAccount,
     cartQueryFragment,
-    cartMutateFragment
+    cartMutateFragment,
+    buyerIdentity
   } = options;
   let cartId = _getCartId();
   const getCartId = () => cartId || _getCartId();
@@ -2880,6 +3129,10 @@ function createCartHandler(options) {
   };
   const _cartCreate = cartCreateDefault(mutateOptions);
   const cartCreate = async function(...args) {
+    args[0].buyerIdentity = {
+      ...buyerIdentity,
+      ...args[0].buyerIdentity
+    };
     const result = await _cartCreate(...args);
     cartId = result?.cart?.id;
     return result;
@@ -2903,7 +3156,7 @@ function createCartHandler(options) {
           sellingPlanId: line.sellingPlanId
         };
       });
-      return cartId || optionalParams?.cartId ? await cartLinesAddDefault(mutateOptions)(lines, optionalParams) : await cartCreate({ lines }, optionalParams);
+      return cartId || optionalParams?.cartId ? await cartLinesAddDefault(mutateOptions)(lines, optionalParams) : await cartCreate({ lines, buyerIdentity }, optionalParams);
     },
     updateLines: cartLinesUpdateDefault(mutateOptions),
     removeLines: cartLinesRemoveDefault(mutateOptions),
@@ -2919,11 +3172,11 @@ function createCartHandler(options) {
         optionalParams
       ) : await cartCreate({ giftCardCodes }, optionalParams);
     },
-    updateBuyerIdentity: async (buyerIdentity, optionalParams) => {
+    updateBuyerIdentity: async (buyerIdentity2, optionalParams) => {
       return cartId || optionalParams?.cartId ? await cartBuyerIdentityUpdateDefault(mutateOptions)(
-        buyerIdentity,
+        buyerIdentity2,
         optionalParams
-      ) : await cartCreate({ buyerIdentity }, optionalParams);
+      ) : await cartCreate({ buyerIdentity: buyerIdentity2 }, optionalParams);
     },
     updateNote: async (note, optionalParams) => {
       return cartId || optionalParams?.cartId ? await cartNoteUpdateDefault(mutateOptions)(note, optionalParams) : await cartCreate({ note }, optionalParams);
@@ -3818,7 +4071,8 @@ function createHydrogenContext(options) {
     logErrors,
     storefront: storefrontOptions = {},
     customerAccount: customerAccountOptions,
-    cart: cartOptions = {}
+    cart: cartOptions = {},
+    buyerIdentity
   } = options;
   if (!session) {
     console.warn(
@@ -3868,6 +4122,7 @@ function createHydrogenContext(options) {
     cartQueryFragment: cartOptions.queryFragment,
     cartMutateFragment: cartOptions.mutateFragment,
     customMethods: cartOptions.customMethods,
+    buyerIdentity,
     // defaults
     storefront,
     customerAccount
@@ -3885,8 +4140,63 @@ function getStorefrontHeaders(request) {
   return {
     requestGroupId: getHeader(request, "request-id"),
     buyerIp: getHeader(request, "oxygen-buyer-ip"),
+    buyerIpSig: getHeader(request, "X-Shopify-Client-IP-Sig"),
     cookie: getHeader(request, "cookie"),
-    purpose: getHeader(request, "purpose")
+    purpose: getHeader(request, "sec-purpose") || getHeader(request, "purpose")
+  };
+}
+function createRequestHandler({
+  build,
+  mode,
+  poweredByHeader = true,
+  getLoadContext,
+  collectTrackingInformation = true,
+  proxyStandardRoutes = true
+}) {
+  const handleRequest = serverRuntime.createRequestHandler(build, mode);
+  const appendPoweredByHeader = poweredByHeader ? (response) => response.headers.append("powered-by", "Shopify, Hydrogen") : void 0;
+  return async (request) => {
+    const method = request.method;
+    if ((method === "GET" || method === "HEAD") && request.body) {
+      return new Response(`${method} requests cannot have a body`, {
+        status: 400
+      });
+    }
+    const url = new URL(request.url);
+    if (url.pathname.includes("//")) {
+      return new Response(null, {
+        status: 301,
+        headers: {
+          location: url.pathname.replace(/\/+/g, "/")
+        }
+      });
+    }
+    const context = getLoadContext ? await getLoadContext(request) : void 0;
+    const storefront = context?.storefront;
+    if (proxyStandardRoutes) {
+      if (!storefront) {
+        warnOnce(
+          "[h2:createRequestHandler] Storefront instance is required to proxy standard routes."
+        );
+      }
+      if (storefront?.isStorefrontApiUrl(request)) {
+        const response2 = await storefront.forward(request);
+        appendPoweredByHeader?.(response2);
+        return response2;
+      }
+    }
+    const response = await handleRequest(request, context);
+    if (storefront && proxyStandardRoutes) {
+      if (collectTrackingInformation) {
+        storefront.setCollectedSubrequestHeaders(response);
+      }
+      const fetchDest = request.headers.get("sec-fetch-dest");
+      if (fetchDest && fetchDest === "document" || request.headers.get("accept")?.includes("text/html")) {
+        appendServerTimingHeader(response, { [HYDROGEN_SFAPI_PROXY_KEY]: "1" });
+      }
+    }
+    appendPoweredByHeader?.(response);
+    return response;
   };
 }
 var NonceContext = react.createContext(void 0);
@@ -5946,6 +6256,10 @@ Object.defineProperty(exports, "getShopifyCookies", {
   enumerable: true,
   get: function () { return hydrogenReact.getShopifyCookies; }
 });
+Object.defineProperty(exports, "getTrackingValues", {
+  enumerable: true,
+  get: function () { return hydrogenReact.getTrackingValues; }
+});
 Object.defineProperty(exports, "isOptionValueCombinationInEncodedVariant", {
   enumerable: true,
   get: function () { return hydrogenReact.isOptionValueCombinationInEncodedVariant; }
@@ -6021,6 +6335,7 @@ exports.createCartHandler = createCartHandler;
 exports.createContentSecurityPolicy = createContentSecurityPolicy;
 exports.createCustomerAccountClient = createCustomerAccountClient;
 exports.createHydrogenContext = createHydrogenContext;
+exports.createRequestHandler = createRequestHandler;
 exports.createStorefrontClient = createStorefrontClient;
 exports.createWithCache = createWithCache;
 exports.formatAPIResult = formatAPIResult;