-
Notifications
You must be signed in to change notification settings - Fork 684
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
capybara tests failing because of secure attribute on shopify session cookie #874
Comments
issue introduced by #851 |
Thanks for the report, do you have some instructions for how we can replicate this? We don't run an capybara tests currently. |
I'm seeing similar issue where I'm setting an app-related session key that doesn't get passed through. My app is working find in dev and production, but the tests are failing. I'm trying to make a workaround now. I'll update here if there's any progress. |
This is the gist of my test: describe 'Installing the app in a new shop', type: :system, js: true do
it 'is able to install app from login homepage' do
visit root_path # redirects to '/login'
fill_in 'shop', with: 'my-test-shop.myshopify.com'
click_on 'Install'
expect(page).to have_selector('a[href="/"]', text: app_name)
end
end |
I realized that if I disable somehow the SameSite cookie modification, all of my tests pass. So I simply added this to the bottom of my module ShopifyApp
class SameSiteCookieMiddleware
def call(env)
@app.call(env)
end
end
end There are probably better ways though... |
Same issue here but I just disabled it in the shopify_app configuration for the test environment. e.g. ShopifyApp.configure do |config|
# ...
config.embedded_app = true
# Defaults to on but breaks all cookies in the test environment with capybara-webkit
config.enable_same_site_none = if Rails.env.test?
false
else
true
end
end While running the test if this is enabled (default) there is no My guess is that the user agent sniffer is part of the problem but I'm not digging into it. Here's what capybara is setting on a Linux host:
|
Ah I didn't know there's a config option for this. That looks like much cleaner solution. You could simplify it further like this: ShopifyApp.configure do |config|
# ...
config.embedded_app = true
# Defaults to on but breaks all cookies in the test environment with capybara-webkit
config.enable_same_site_none = !Rails.env.test?
end |
Okay I will look into adding this configuration into our gem so that you do not need to worry about this in the future. Thanks for the deep dive into the problem. |
Thanks for taking care of this @tanema! 👍 Looking at this again, maybe just a mention in the README would be enough. 🤔 |
I think if we can just make the gem do this automatically so that the developer does not have to come back to the repo/README to figure out how to make their tests work then it should be done that way. People already have enough frustrations right now 😓 |
Unable to run rspecs with js: true. Because while setting the shopify session cookie secure attribute is set by default.
As Rspecs are run mostly on http not on https protocol authentication is failing, becuase cookie is not set correctly on browser and its not sent back to server on following requests.
work around can be disabling the same site option in test mode.
ShopifyApp.configuration.enable_same_site_none = false
The text was updated successfully, but these errors were encountered: