fontdue-js 3.0.0-alpha7 → 3.0.0-alpha9

package/CHANGELOG.md

@@ -1,3 +1,12 @@
+## 2.28.0
+
+- Checkout now captures the buyer's **analytics consent and ad attribution** on the order. When the cart or store-modal checkout opens, fontdue-js sends the consent-banner state, anonymous ID, Meta browser IDs (the `_fbp`/`_fbc` cookies), and the page URL to the server, where they're stored on the order. This lets Fontdue emit a server-side *purchase* conversion event (Facebook Conversions API, Google Ads) when the order completes — completion happens in a Stripe webhook, outside the browser — while respecting the buyer's cookie-consent choice: if consent was declined, no identifiers are sent and nothing is forwarded to ad platforms. The call is fire-and-forget and never affects checkout.
+
+## 2.27.0
+
+- The `TypeTester` `truncate` option now accepts a **number** to cap the sample paragraph at N lines (in addition to `false` = off and `true` = 1 line). Truncation is now ascender/descender-safe at any line-height — it reads the font's vertical metrics so accents and descenders are never clipped — and flows the clipped text into columns, so multi-column truncated specimens render correctly and side-by-side testers keep their toolbars aligned.
+- The `TypeTester` **family selector now lazy-loads its data**. The family list is fetched on first dropdown open (shared once per page) and per-family styles load on demand, instead of fetching the whole font library up front. This substantially speeds up the initial render of pages with type testers, especially with several standalone testers. The dropdown shows a “Loading…” state while data loads.
+
 ## 2.26.1
 
 - Fixed a jitter in the `TypeTester` variable-font axis sliders: dragging a slider no longer shifts the handle position as the instance name and value beside it change width. The instance name now settles shortly after dragging stops, and the value reserves a fixed width for its range.

package/README.md

@@ -53,7 +53,18 @@ The shape of step 3 and 4 is the only thing that changes between frameworks.
 <details>
 <summary><b>Next.js (App Router)</b></summary>
 
-No Vite plugin needed. The simplest setup omits the layout preload — with React Server Components, each fontdue-js component preloads its own query internally on the server and streams to the client.
+No Vite plugin needed — wrap your Next config with [`withFontdue`](#nextjs-adapter) instead:
+
+```js
+// next.config.mjs
+import { withFontdue } from "fontdue-js/next/config";
+
+export default withFontdue({
+  // your Next config
+});
+```
+
+The simplest setup omits the layout preload — with React Server Components, each fontdue-js component preloads its own query internally on the server and streams to the client.
 
 ```tsx
 // app/layout.tsx
@@ -84,6 +95,8 @@ export default function FontPage() {
 }
 ```
 
+Beyond the components, Next.js projects get a few extra entry points — config wrapping, cache revalidation, and helpers for your own GraphQL fetches. See [Next.js adapter](#nextjs-adapter).
+
 Example repo: [`fontdue/fontdue-example-next`](https://github.com/fontdue/fontdue-example-next)
 
 </details>
@@ -356,6 +369,76 @@ export default function App() {
 
 </details>
 
+## Next.js adapter
+
+Next.js App Router projects get a few extra entry points beyond the components. The [example repo](https://github.com/fontdue/fontdue-example-next) wires up all of them.
+
+### `withFontdue` — next.config wrapper
+
+```js
+// next.config.mjs
+import { withFontdue } from "fontdue-js/next/config";
+
+export default withFontdue({
+  // your Next config
+});
+```
+
+What it installs:
+
+- **Image settings** — `images.remotePatterns` entries for Fontdue's image hosts (plus `dangerouslyAllowSVG`, since font specimens are often SVGs), merged with your own `images` config.
+- **Correct 404 statuses** — Next's streamed metadata locks in a `200` response before a `notFound()` thrown during `generateMetadata` can take effect ([vercel/next.js#82041](https://github.com/vercel/next.js/issues/82041)). `withFontdue` sets `htmlLimitedBots` to match every user agent so metadata rendering blocks the response and missing pages come out as real 404s.
+
+The rest of your config — `rewrites` included — passes through unchanged.
+
+#### Optional: image optimization on Cloudflare
+
+If you have a Cloudflare zone with [image transformations](https://developers.cloudflare.com/images/transform-images/) enabled, set:
+
+```shell
+NEXT_PUBLIC_FONTDUE_IMAGE_HOST=img.your-domain.com
+NEXT_PUBLIC_FONTDUE_IMAGE_ORIGINS=cdn.fontdue.com
+```
+
+`next/image` optimization then moves to the Cloudflare edge, and your deployment needs neither the `/_next/image` endpoint nor sharp. `NEXT_PUBLIC_FONTDUE_IMAGE_ORIGINS` (comma-separated hostnames) should mirror the transformation host's allowed source origins — sources on other hosts are served as originals rather than as transform URLs Cloudflare would refuse. Both variables must be present when `next build` runs (the loader is inlined into the client bundle), not just at serve time.
+
+### Updating content: `/api/revalidate`
+
+fontdue-js's server-side fetches are cached by Next and tagged `graphql`. Re-export the deploy-hook route handler:
+
+```ts
+// app/api/revalidate/route.ts
+export { POST } from "fontdue-js/next/revalidate";
+```
+
+and set the Deploy hook URL in your Fontdue admin (Settings → Website settings) to `https://your-site.example/api/revalidate`. Fontdue calls it whenever your site's content changes, purging everything tagged `graphql` so the next request renders fresh.
+
+fontdue-js's own server-side fetches opt into Next's data cache (and the `graphql` tag) automatically — static pages revalidated by the deploy hook is the intended way to run a Fontdue site, not dynamic rendering. Give your own fetches the same treatment; `currentFontdueEndpoint()` below shows how.
+
+### Your own GraphQL fetches
+
+`currentFontdueEndpoint()` (from `fontdue-js/next`) describes the endpoint your own server-side [GraphQL](https://docs.fontdue.com/graphql-api) fetches should use — the base origin, required headers, and the cache tags that tie them into `/api/revalidate`:
+
+```ts
+import { currentFontdueEndpoint } from "fontdue-js/next";
+
+export async function fetchGraphql(query: string, variables?: unknown) {
+  const endpoint = currentFontdueEndpoint();
+  const response = await fetch(`${endpoint.origin}/graphql`, {
+    method: "POST",
+    body: JSON.stringify({ query, variables }),
+    headers: { "content-type": "application/json", ...endpoint.headers },
+    // Cache explicitly (Next 15 doesn't cache fetch by default), tagged so
+    // the deploy hook purges this too.
+    cache: "force-cache",
+    next: { tags: endpoint.tags },
+  });
+  return (await response.json()).data;
+}
+```
+
+The shape is exported as `type FontdueEndpoint`.
+
 ## UI config
 
 Most components accept a `config` object that controls UI behavior — type-tester options (`selectable`, `priceBar`, size ranges, OpenType-feature UI…), store-modal layout, form styling, analytics tracking, and more. See the [full config reference](https://docs.fontdue.com/fontduejs#b3dec49aa08240bba2b4c71a67c08333).

package/dist/__generated__/orderTrackingUpdateOrderTrackingMutation.graphql.js

@@ -1,9 +1,3 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.default = void 0;
 /**
  * @generated SignedSource<<017a8a724b3a0fd0918153ce04d07f68>>
  * @lightSyntaxTransform
@@ -68,5 +62,4 @@ const node = function () {
   };
 }();
 node.hash = "d59a127a7f140424f507ae549731bac7";
-var _default = node;
-exports.default = _default;
+export default node;

package/dist/__tests__/networkFetch.test.js

@@ -0,0 +1,66 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+// environment.ts reads env at module load, so stub env and re-import fresh.
+beforeEach(() => {
+  vi.resetModules();
+  vi.unstubAllEnvs();
+  vi.unstubAllGlobals();
+});
+const request = {
+  name: 'TestQuery',
+  text: 'query TestQuery { viewer { id } }'
+};
+describe('createNetworkFetch (server)', () => {
+  it('opts fetches into the Next data cache, tagged for revalidation', async () => {
+    vi.stubEnv('FONTDUE_URL', 'https://acme.fontdue.com');
+    const fetchMock = vi.fn(async () => ({
+      json: async () => ({
+        data: {}
+      })
+    }));
+    vi.stubGlobal('fetch', fetchMock);
+    const {
+      createNetworkFetch
+    } = await import("../relay/environment.js");
+    await createNetworkFetch()(request, {});
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    const [url, options] = fetchMock.mock.calls[0];
+    expect(url).toBe('https://acme.fontdue.com/graphql?queryName=TestQuery');
+    // Without an explicit cache option Next 15 treats the fetch as no-store
+    // and silently makes every page fully dynamic — the static + revalidate
+    // pattern depends on this.
+    expect(options.cache).toBe('force-cache');
+    expect(options.next.tags).toContain('graphql');
+    expect(options.next.tags).toContain('operation:TestQuery');
+  });
+  it('applies the per-render server config tags and headers', async () => {
+    vi.stubEnv('FONTDUE_URL', 'https://acme.fontdue.com');
+    const fetchMock = vi.fn(async () => ({
+      json: async () => ({
+        data: {}
+      })
+    }));
+    vi.stubGlobal('fetch', fetchMock);
+
+    // React.cache doesn't memoize outside a React render, so the store is
+    // mocked rather than set through setFontdueServerConfig.
+    vi.doMock('../relay/serverConfig', async importActual => ({
+      ...(await importActual()),
+      getFontdueServerConfig: () => ({
+        url: 'http://app:4000',
+        headers: {
+          'x-forwarded-host': 'acme.fontdue.com'
+        },
+        cacheTags: ['graphql:acme.fontdue.com']
+      })
+    }));
+    const {
+      createNetworkFetch
+    } = await import("../relay/environment.js");
+    await createNetworkFetch()(request, {});
+    vi.doUnmock('../relay/serverConfig');
+    const [url, options] = fetchMock.mock.calls[0];
+    expect(url).toBe('http://app:4000/graphql?queryName=TestQuery');
+    expect(options.headers['x-forwarded-host']).toBe('acme.fontdue.com');
+    expect(options.next.tags).toContain('graphql:acme.fontdue.com');
+  });
+});

package/dist/__tests__/nextAdapter.test.js

@@ -0,0 +1,447 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+// The next adapter modules read process.env at module load, so each test
+// group stubs the env and re-imports them fresh.
+async function importTenant() {
+  return await import("../next/tenant.js");
+}
+async function importConfig() {
+  return await import("../next/config.js");
+}
+async function importRevalidate() {
+  return await import("../next/revalidate.js");
+}
+const revalidateTag = vi.fn();
+vi.mock('next/cache', () => ({
+  revalidateTag: tag => revalidateTag(tag)
+}));
+
+// Next's notFound() throws a sentinel the framework catches; the mock does
+// the same so tests can assert on it.
+vi.mock('next/navigation', () => ({
+  notFound: () => {
+    throw new Error('NEXT_NOT_FOUND');
+  }
+}));
+beforeEach(() => {
+  vi.resetModules();
+  revalidateTag.mockClear();
+  vi.unstubAllEnvs();
+  vi.restoreAllMocks();
+});
+function stubSingleTenant() {
+  let url = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 'https://acme.fontdue.com';
+  vi.stubEnv('NEXT_PUBLIC_FONTDUE_URL', url);
+  vi.stubEnv('FONTDUE_MULTI_TENANT', '');
+  vi.stubEnv('FONTDUE_ORIGIN', '');
+  vi.stubEnv('FONTDUE_PROXY_SECRET', '');
+}
+function stubMultiTenant() {
+  let {
+    origin = '',
+    secret = ''
+  } = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  vi.stubEnv('NEXT_PUBLIC_FONTDUE_URL', '');
+  vi.stubEnv('FONTDUE_MULTI_TENANT', '1');
+  vi.stubEnv('FONTDUE_ORIGIN', origin);
+  vi.stubEnv('FONTDUE_PROXY_SECRET', secret);
+}
+describe('isValidDomain', () => {
+  it('accepts plain dotted hostnames and rejects everything else', async () => {
+    stubMultiTenant();
+    const {
+      isValidDomain
+    } = await importTenant();
+    expect(isValidDomain('acme.fontdue.com')).toBe(true);
+    expect(isValidDomain('a-b.example')).toBe(true);
+    expect(isValidDomain('localhost')).toBe(false); // no dot
+    expect(isValidDomain('acme.fontdue.com:3000')).toBe(false); // port
+    expect(isValidDomain('acme.fontdue.com/x')).toBe(false); // path
+    expect(isValidDomain('-bad.example')).toBe(false);
+    expect(isValidDomain('a'.repeat(254) + '.example')).toBe(false);
+  });
+});
+describe('fontdueEndpoint', () => {
+  it('single-tenant: targets NEXT_PUBLIC_FONTDUE_URL with no headers', async () => {
+    stubSingleTenant('https://acme.fontdue.com');
+    const {
+      fontdueEndpoint
+    } = await importTenant();
+    expect(fontdueEndpoint('acme.fontdue.com')).toEqual({
+      domain: 'acme.fontdue.com',
+      origin: 'https://acme.fontdue.com',
+      headers: {},
+      tags: ['graphql', 'graphql:acme.fontdue.com']
+    });
+  });
+  it('single-tenant: throws when NEXT_PUBLIC_FONTDUE_URL is missing', async () => {
+    vi.stubEnv('NEXT_PUBLIC_FONTDUE_URL', '');
+    vi.stubEnv('FONTDUE_MULTI_TENANT', '');
+    const {
+      fontdueEndpoint
+    } = await importTenant();
+    expect(() => fontdueEndpoint('acme.fontdue.com')).toThrow(/NEXT_PUBLIC_FONTDUE_URL/);
+  });
+  it('multi-tenant: forwards the host to FONTDUE_ORIGIN with the proxy secret', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000',
+      secret: 's3cret'
+    });
+    const {
+      fontdueEndpoint
+    } = await importTenant();
+    expect(fontdueEndpoint('acme.fontdue.com')).toEqual({
+      domain: 'acme.fontdue.com',
+      origin: 'http://app:4000',
+      headers: {
+        'x-forwarded-host': 'acme.fontdue.com',
+        'x-fontdue-proxy-secret': 's3cret'
+      },
+      tags: ['graphql', 'graphql:acme.fontdue.com']
+    });
+  });
+  it('multi-tenant: omits the secret header when unset', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000'
+    });
+    const {
+      fontdueEndpoint
+    } = await importTenant();
+    expect(fontdueEndpoint('acme.fontdue.com').headers).toEqual({
+      'x-forwarded-host': 'acme.fontdue.com'
+    });
+  });
+  it('multi-tenant: falls back to the tenant public URL without FONTDUE_ORIGIN', async () => {
+    stubMultiTenant();
+    const {
+      fontdueEndpoint
+    } = await importTenant();
+    expect(fontdueEndpoint('acme.fontdue.com').origin).toBe('https://acme.fontdue.com');
+  });
+});
+describe('configureFontdueRender', () => {
+  it('rejects invalid domains with null and sets no config', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000'
+    });
+    const {
+      configureFontdueRender
+    } = await importTenant();
+    const {
+      getFontdueServerConfig
+    } = await import("../relay/serverConfig.js");
+    expect(configureFontdueRender('not a domain')).toBeNull();
+    expect(getFontdueServerConfig()).toBeUndefined();
+  });
+  it('sets the per-render server config and returns the endpoint', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000',
+      secret: 's3cret'
+    });
+    const {
+      configureFontdueRender
+    } = await importTenant();
+    const {
+      getFontdueServerConfig
+    } = await import("../relay/serverConfig.js");
+    const endpoint = configureFontdueRender('acme.fontdue.com');
+    expect(endpoint === null || endpoint === void 0 ? void 0 : endpoint.origin).toBe('http://app:4000');
+    // Outside an RSC render React.cache doesn't memoize, so the write is a
+    // no-op here — but the config passed must still be shaped correctly, so
+    // assert via fontdueServerConfig instead.
+    const {
+      fontdueServerConfig
+    } = await importTenant();
+    expect(fontdueServerConfig('acme.fontdue.com')).toEqual({
+      url: 'http://app:4000',
+      headers: {
+        'x-forwarded-host': 'acme.fontdue.com',
+        'x-fontdue-proxy-secret': 's3cret'
+      },
+      cacheTags: ['graphql:acme.fontdue.com'],
+      domain: 'acme.fontdue.com'
+    });
+  });
+});
+describe('prepareFontdueRender', () => {
+  const props = params => ({
+    params: Promise.resolve(params)
+  });
+  it('configures the render and returns the endpoint', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000'
+    });
+    const {
+      prepareFontdueRender
+    } = await importTenant();
+    const endpoint = await prepareFontdueRender(props({
+      domain: 'acme.fontdue.com',
+      slug: 'sans'
+    }));
+    expect(endpoint.origin).toBe('http://app:4000');
+    expect(endpoint.tags).toContain('graphql:acme.fontdue.com');
+  });
+  it('404s invalid or missing domains', async () => {
+    stubMultiTenant();
+    const {
+      prepareFontdueRender
+    } = await importTenant();
+    await expect(prepareFontdueRender(props({
+      domain: 'not a domain'
+    }))).rejects.toThrow('NEXT_NOT_FOUND');
+    await expect(prepareFontdueRender(props({
+      slug: 'sans'
+    }))).rejects.toThrow('NEXT_NOT_FOUND');
+  });
+});
+describe('currentFontdueEndpoint', () => {
+  it('multi-tenant: throws when no render config was set', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000'
+    });
+    const {
+      currentFontdueEndpoint
+    } = await importTenant();
+    expect(() => currentFontdueEndpoint()).toThrow(/prepareFontdueRender/);
+  });
+  it('single-tenant: derives the endpoint from NEXT_PUBLIC_FONTDUE_URL', async () => {
+    stubSingleTenant('https://acme.fontdue.com');
+    const {
+      currentFontdueEndpoint
+    } = await importTenant();
+    expect(currentFontdueEndpoint()).toEqual({
+      domain: 'acme.fontdue.com',
+      origin: 'https://acme.fontdue.com',
+      headers: {},
+      tags: ['graphql', 'graphql:acme.fontdue.com']
+    });
+  });
+  it('uses the render-configured domain when set', async () => {
+    stubMultiTenant({
+      origin: 'http://app:4000'
+    });
+    vi.doMock('../relay/serverConfig', async importActual => ({
+      ...(await importActual()),
+      getFontdueServerConfig: () => ({
+        domain: 'acme.fontdue.com'
+      })
+    }));
+    const {
+      currentFontdueEndpoint
+    } = await importTenant();
+    expect(currentFontdueEndpoint().headers['x-forwarded-host']).toBe('acme.fontdue.com');
+    vi.doUnmock('../relay/serverConfig');
+  });
+});
+describe('generateStaticParams', () => {
+  it('returns no build-time params (everything renders on demand)', async () => {
+    stubMultiTenant();
+    const {
+      generateStaticParams
+    } = await importTenant();
+    await expect(generateStaticParams()).resolves.toEqual([]);
+  });
+});
+
+// withFontdue detects the route-tree shape from the working directory; give
+// it one with or without src/app/[domain].
+function mockAppDir(_ref) {
+  let {
+    domainTree
+  } = _ref;
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fontdue-app-'));
+  fs.mkdirSync(path.join(dir, domainTree ? 'src/app/[domain]' : 'src/app'), {
+    recursive: true
+  });
+  vi.spyOn(process, 'cwd').mockReturnValue(dir);
+}
+describe('withFontdue', () => {
+  beforeEach(() => mockAppDir({
+    domainTree: true
+  }));
+  it('throws when neither mode is configured', async () => {
+    vi.stubEnv('NEXT_PUBLIC_FONTDUE_URL', '');
+    vi.stubEnv('FONTDUE_MULTI_TENANT', '');
+    const {
+      withFontdue
+    } = await importConfig();
+    expect(() => withFontdue({})).toThrow(/NEXT_PUBLIC_FONTDUE_URL/);
+  });
+  it('single-tenant: rewrites every path under the constant domain', async () => {
+    stubSingleTenant('https://acme.fontdue.com');
+    const {
+      withFontdue
+    } = await importConfig();
+    const rewrites = await withFontdue({}).rewrites();
+    expect(rewrites.afterFiles).toEqual([]);
+    expect(rewrites.fallback).toEqual([]);
+    const destinations = rewrites.beforeFiles.map(r => r.destination);
+    expect(destinations).toEqual(['/acme.fontdue.com', '/acme.fontdue.com/robots.txt', '/acme.fontdue.com/sitemap.xml', '/acme.fontdue.com/:path']);
+  });
+  it('multi-tenant: emits forwarded-host rules before host rules, mutually exclusive', async () => {
+    stubMultiTenant();
+    const {
+      withFontdue
+    } = await importConfig();
+    const rewrites = await withFontdue({}).rewrites();
+    expect(rewrites.beforeFiles).toHaveLength(8);
+    const [forwarded, hostBased] = [rewrites.beforeFiles.slice(0, 4), rewrites.beforeFiles.slice(4)];
+    for (const rule of forwarded) {
+      var _rule$has;
+      expect((_rule$has = rule.has) === null || _rule$has === void 0 ? void 0 : _rule$has[0]).toMatchObject({
+        type: 'header',
+        key: 'x-forwarded-host'
+      });
+      expect(rule.missing).toBeUndefined();
+    }
+    for (const rule of hostBased) {
+      var _rule$has2, _rule$missing;
+      expect((_rule$has2 = rule.has) === null || _rule$has2 === void 0 ? void 0 : _rule$has2[0]).toMatchObject({
+        type: 'host'
+      });
+      expect((_rule$missing = rule.missing) === null || _rule$missing === void 0 ? void 0 : _rule$missing[0]).toMatchObject({
+        type: 'header',
+        key: 'x-forwarded-host'
+      });
+    }
+  });
+  it("chains the app's beforeFiles rules ahead of the tenant rules", async () => {
+    stubSingleTenant();
+    const {
+      withFontdue
+    } = await importConfig();
+    const userRule = {
+      source: '/old',
+      destination: '/new'
+    };
+    const config = withFontdue({
+      rewrites: async () => ({
+        beforeFiles: [userRule]
+      })
+    });
+    const rewrites = await config.rewrites();
+    expect(rewrites.beforeFiles[0]).toEqual(userRule);
+    expect(rewrites.beforeFiles).toHaveLength(5);
+  });
+  it("treats a plain-array rewrites() result as afterFiles, per Next's contract", async () => {
+    stubSingleTenant();
+    const {
+      withFontdue
+    } = await importConfig();
+    const userRule = {
+      source: '/old',
+      destination: '/new'
+    };
+    const rewrites = await withFontdue({
+      rewrites: async () => [userRule]
+    }).rewrites();
+    expect(rewrites.afterFiles).toEqual([userRule]);
+    expect(rewrites.beforeFiles).toHaveLength(4);
+  });
+  it('merges image settings, keeping app remotePatterns and overrides', async () => {
+    stubMultiTenant();
+    const {
+      withFontdue
+    } = await importConfig();
+    const config = withFontdue({
+      images: {
+        dangerouslyAllowSVG: false,
+        remotePatterns: [{
+          protocol: 'https',
+          hostname: 'cdn.example'
+        }]
+      }
+    });
+    expect(config.images.dangerouslyAllowSVG).toBe(false);
+    // NODE_ENV is 'test' here, i.e. not production → dev workaround active.
+    expect(config.images.unoptimized).toBe(true);
+    const hostnames = config.images.remotePatterns.map(p => p.hostname);
+    expect(hostnames).toContain('cdn.example');
+    expect(hostnames).toContain('*.fontdue.com');
+    expect(hostnames).toContain('**');
+  });
+  it('passes unrelated config through and defaults htmlLimitedBots', async () => {
+    stubSingleTenant();
+    const {
+      withFontdue
+    } = await importConfig();
+    const config = withFontdue({
+      reactStrictMode: true
+    });
+    expect(config.reactStrictMode).toBe(true);
+    expect(config.htmlLimitedBots).toEqual(/.*/);
+    expect(withFontdue({
+      htmlLimitedBots: /Googlebot/
+    }).htmlLimitedBots).toEqual(/Googlebot/);
+  });
+  it('single-tenant flat tree: installs no tenant rewrites', async () => {
+    mockAppDir({
+      domainTree: false
+    });
+    stubSingleTenant('https://acme.fontdue.com');
+    const {
+      withFontdue
+    } = await importConfig();
+    const userRule = {
+      source: '/old',
+      destination: '/new'
+    };
+    const rewrites = await withFontdue({
+      rewrites: async () => ({
+        beforeFiles: [userRule]
+      })
+    }).rewrites();
+    expect(rewrites.beforeFiles).toEqual([userRule]);
+    expect(rewrites.afterFiles).toEqual([]);
+  });
+  it('multi-tenant flat tree: refuses to start', async () => {
+    mockAppDir({
+      domainTree: false
+    });
+    stubMultiTenant();
+    const {
+      withFontdue
+    } = await importConfig();
+    expect(() => withFontdue({})).toThrow(/\[domain\]/);
+  });
+});
+describe('revalidate POST', () => {
+  it('multi-tenant: purges only the tenant tag', async () => {
+    stubMultiTenant();
+    const {
+      POST
+    } = await importRevalidate();
+    const response = await POST(new Request('http://internal/api/revalidate?domain=Acme.Fontdue.com', {
+      method: 'POST'
+    }));
+    expect(response.status).toBe(200);
+    expect(revalidateTag).toHaveBeenCalledExactlyOnceWith('graphql:acme.fontdue.com');
+  });
+  it('multi-tenant: 400s on a missing or invalid domain', async () => {
+    stubMultiTenant();
+    const {
+      POST
+    } = await importRevalidate();
+    for (const url of ['http://internal/api/revalidate', 'http://internal/api/revalidate?domain=not%20a%20domain']) {
+      const response = await POST(new Request(url, {
+        method: 'POST'
+      }));
+      expect(response.status).toBe(400);
+    }
+    expect(revalidateTag).not.toHaveBeenCalled();
+  });
+  it('single-tenant: purges the global graphql tag', async () => {
+    stubSingleTenant();
+    const {
+      POST
+    } = await importRevalidate();
+    const response = await POST(new Request('http://internal/api/revalidate', {
+      method: 'POST'
+    }));
+    expect(response.status).toBe(200);
+    expect(revalidateTag).toHaveBeenCalledExactlyOnceWith('graphql');
+  });
+});

package/dist/components/Cart/CartOrder.js

@@ -4,7 +4,7 @@ import _CartOrderRemoveDiscountMutation from "../../__generated__/CartOrderRemov
 import _CartOrderUpdateMutation from "../../__generated__/CartOrderUpdateMutation.graphql.js";
 import _CartOrder_UpdateErrors from "../../__generated__/CartOrder_UpdateErrors.graphql.js";
 import _CartOrderCompleteOrderMutation from "../../__generated__/CartOrderCompleteOrderMutation.graphql.js";
-import React, { Fragment, useRef, useState } from 'react';
+import React, { Fragment, useEffect, useRef, useState } from 'react';
 import { commitMutation, graphql, useFragment, useRelayEnvironment } from 'react-relay';
 import Checkout from './Checkout.js';
 import CheckoutSteps from './CheckoutSteps.js';
@@ -21,6 +21,7 @@ import { textVariablesAllHaveText } from './utils.js';
 import { useStripe } from '@stripe/react-stripe-js';
 import { useDispatch } from 'react-redux';
 import CartState from './CartState.js';
+import { sendOrderTracking } from './orderTracking.js';
 
 // note here we're only updating the order (by id).
 // careful not to update the current customer's reference
@@ -44,6 +45,13 @@ const CartOrder = _ref => {
   const environment = useRelayEnvironment();
   const stripe = useStripe();
   const dispatch = useDispatch();
+
+  // Capture analytics consent + attribution on the order for the purchase
+  // event the server emits on completion (from a Stripe webhook, where no
+  // browser context exists).
+  useEffect(() => {
+    if (open) sendOrderTracking(environment);
+  }, [open, environment]);
   const order = useFragment((_CartOrder_order.hash && _CartOrder_order.hash !== "25ef000c40000c4f76f973ac6ac7f593" && console.error("The definition of 'CartOrder_order' appears to have changed. Run `relay-compiler` to update the generated files to receive the expected data."), _CartOrder_order), orderKey);
   const viewer = useFragment((_CartOrder_viewer.hash && _CartOrder_viewer.hash !== "8cf5ab5a33a474483a6c231cc44b0df1" && console.error("The definition of 'CartOrder_viewer' appears to have changed. Run `relay-compiler` to update the generated files to receive the expected data."), _CartOrder_viewer), viewerKey);