Class: ShopifyApp::SameSiteCookieMiddleware

Inherits:

Object

• Object
• ShopifyApp::SameSiteCookieMiddleware

Defined in:

lib/shopify_app/middleware/same_site_cookie_middleware.rb

Class Method Summary

• .chromium_based?(sniffer) ⇒ Boolean
• .drops_unrecognized_same_site_cookies?(sniffer) ⇒ Boolean
• .same_site_none_incompatible?(user_agent) ⇒ Boolean
• .uc_browser?(sniffer) ⇒ Boolean
• .uc_browser_version_at_least?(sniffer:, major:, minor:, build:) ⇒ Boolean
• .webkit_same_site_bug?(sniffer) ⇒ Boolean

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app) ⇒ SameSiteCookieMiddleware constructor

  A new instance of SameSiteCookieMiddleware.

Constructor Details

#initialize(app) ⇒ SameSiteCookieMiddleware

Returns a new instance of SameSiteCookieMiddleware.

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 3

def initialize(app)
  @app = app
end

Class Method Details

.chromium_based?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 43

def self.chromium_based?(sniffer)
  sniffer.browser_name.downcase.match?(/chrom(e|ium)/)
end

.drops_unrecognized_same_site_cookies?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 38

def self.drops_unrecognized_same_site_cookies?(sniffer)
  (chromium_based?(sniffer) && sniffer.major_browser_version >= 51 && sniffer.major_browser_version <= 66) ||
    (uc_browser?(sniffer) && !uc_browser_version_at_least?(sniffer: sniffer, major: 12, minor: 13, build: 2))
end

.same_site_none_incompatible?(user_agent) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 25

def self.same_site_none_incompatible?(user_agent)
  sniffer = BrowserSniffer.new(user_agent)

  webkit_same_site_bug?(sniffer) || drops_unrecognized_same_site_cookies?(sniffer)
rescue
  true
end

.uc_browser?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 47

def self.uc_browser?(sniffer)
  sniffer.user_agent.downcase.match?(/uc\s?browser/)
end

.uc_browser_version_at_least?(sniffer:, major:, minor:, build:) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 51

def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
  digits = sniffer.browser_version.split('.').map(&:to_i)
  return false unless digits.count >= 3

  return digits[0] > major if digits[0] != major
  return digits[1] > minor if digits[1] != minor
  digits[2] >= build
end

.webkit_same_site_bug?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 33

def self.webkit_same_site_bug?(sniffer)
  (sniffer.os == :ios && sniffer.os_version.match?(/^([0-9]|1[12])[\.\_]/)) ||
    (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match?(/^10[\.\_]14/))
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/shopify_app/middleware/same_site_cookie_middleware.rb', line 7

def call(env)
  _status, headers, _body = @app.call(env)
ensure
  user_agent = env['HTTP_USER_AGENT']

  if headers && headers['Set-Cookie'] && !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
      ShopifyApp.configuration.enable_same_site_none

    cookies = headers['Set-Cookie'].split("\n").compact

    cookies.each do |cookie|
      unless cookie.include?("; SameSite")
        headers['Set-Cookie'] = headers['Set-Cookie'].gsub("#{cookie}", "#{cookie}; secure; SameSite=None")
      end
    end
  end
end