From 9a33f94144a324cd11f6dc31d94d273cd0fa0aa1 Mon Sep 17 00:00:00 2001 From: Vedanshu Jain Date: Sat, 9 Nov 2024 10:33:24 +0530 Subject: [PATCH] Support partitioned cookies. --- app/src/index-functions.php | 3 ++- docs/js/serverless-api.js | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/src/index-functions.php b/app/src/index-functions.php index 7749ffb..5429eed 100644 --- a/app/src/index-functions.php +++ b/app/src/index-functions.php @@ -33,7 +33,7 @@ function init_client(): void { $site_info = SiteInfo::from_array( json_decode( $site_info_json, true ) ); - session_set_cookie_params( 0, '/', $_SERVER['HTTP_HOST'], true, true ); + session_set_cookie_params( 0, '/; Partitioned; Secure; SameSite=None', $_SERVER['HTTP_HOST'], true, true ); if ( session_status() === PHP_SESSION_NONE ) { session_start(); } @@ -69,6 +69,7 @@ function init_client(): void { header( 'Access-Control-Allow-Credentials: true' ); header( 'Access-Control-Allow-Headers: Content-Type, X-CSRF-Token' ); header( 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS' ); + } } } diff --git a/docs/js/serverless-api.js b/docs/js/serverless-api.js index a2285f1..af901ab 100644 --- a/docs/js/serverless-api.js +++ b/docs/js/serverless-api.js @@ -9,7 +9,7 @@ class ServerlessWooAPI { DELETE_ITEM: '/store/v1/cart/delete-item', CLEAR: '/store/v1/cart/clear' } - }; + }; constructor() { this.baseUrl = 'https://gh-demo-woo.app.serverlesswoo.com'; @@ -17,6 +17,7 @@ class ServerlessWooAPI { } async _fetch(endpoint, options = {}) { + options.credentials = 'include'; // Add CSRF token to headers if available if (this.csrfToken) { options.headers = { @@ -26,7 +27,7 @@ class ServerlessWooAPI { } const response = await fetch(`${this.baseUrl}${endpoint}`, options); - + // Extract and store CSRF token from response headers const newToken = response.headers.get('X-CSRF-Token'); if (newToken) {
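Review bot: The new `session_set_cookie_params()` call in `init_client()` passes `Partitioned; Secure; SameSite=None` through the `$path` argument, which only works while PHP copies the session cookie path into `Set-Cookie` unvalidated, and it repeats the `Secure` flag that the fourth argument already sets. `SameSite` has had a supported option since PHP 7.3, so I would use the options-array form (`'samesite' => 'None'`, `'secure' => true`, `'httponly' => true`) and keep only `Partitioned` in the path workaround, with a comment such as `// Partitioned is appended via the path only because the deployed PHP has no native option; remove once it does.`. With `SameSite=None` the session cookie now travels on cross-site requests, so the `X-CSRF-Token` check and whatever origin check guards the `Access-Control-Allow-Credentials: true` branch (its condition is not visible in these hunks) become the only CSRF barrier and should be re-verified. The cookie domain is still taken from `$_SERVER['HTTP_HOST']`, a request-supplied value; a configured host name would be safer. The body of `init_client()` continues outside the hunk.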
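Review bot: `options.credentials = 'include';` in `_fetch` writes into the caller's `options` object and silently overrides any `credentials` value the caller supplied; building a fresh object, e.g. `const opts = { ...options, credentials: 'include' };`, and passing `opts` to `fetch` avoids that side effect. Because `baseUrl` appears to be a different origin from the page that loads this script, every call now carries the session cookie cross-site, so the server has to answer with an exact allow-listed `Origin` next to `Access-Control-Allow-Credentials: true` rather than reflecting whatever origin it receives. Reading `X-CSRF-Token` from a cross-origin response also requires `Access-Control-Expose-Headers: X-CSRF-Token`; the PHP hunk shows only `Access-Control-Allow-Headers`, so confirm the expose header is sent elsewhere. `_fetch` continues outside the hunk.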