fix lint errors

Author: unandyala

packages/commerce-sdk-react/src/provider.tsx

@@ -157,7 +157,8 @@ const CommerceApiProvider = (props: CommerceApiProviderProps): ReactElement => {
     // When HttpOnly cookies are enabled, ensure fetch credentials allow cookies to be sent.
     // Override 'omit' or unset to 'same-origin'; keep 'same-origin' or 'include' as-is.
     const effectiveFetchOptions =
-        useHttpOnlySessionCookies && (!fetchOptions?.credentials || fetchOptions.credentials === 'omit')
+        useHttpOnlySessionCookies &&
+        (!fetchOptions?.credentials || fetchOptions.credentials === 'omit')
             ? {...fetchOptions, credentials: 'same-origin' as RequestCredentials}
             : fetchOptions
 

packages/pwa-kit-dev/CHANGELOG.md

@@ -1,6 +1,7 @@
 ## v3.17.0-dev
 - Add Node 24 support, remove legacy `url` module import. Drop Node 16 support [#3652](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3652)
 - Add configuration flag `disableHttpOnlySessionCookies` to `ssrParameters` [#3635](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3635)
+- Fix issue to correctly set the environment variable `MRT_DISABLE_HTTPONLY_SESSION_COOKIES` [#3680](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3680)
 
 ## v3.16.0 (Feb 12, 2026)
 

packages/pwa-kit-runtime/src/ssr/server/build-remote-server.test.js

@@ -365,7 +365,6 @@ describe('SLAS private proxy', () => {
             mockSlasServerInstance.close()
         }
     })
-
 })
 
 describe('HttpOnly session cookies', () => {
@@ -583,8 +582,8 @@ describe('HttpOnly session cookies', () => {
 
             expect(response.headers['set-cookie']).toBeDefined()
             const cookies = response.headers['set-cookie']
-            expect(cookies.some(c => c.includes('access_token_testsite'))).toBe(true)
-            expect(cookies.some(c => c.includes('cc-nx-g_testsite'))).toBe(true)
+            expect(cookies.some((c) => c.includes('access_token_testsite'))).toBe(true)
+            expect(cookies.some((c) => c.includes('cc-nx-g_testsite'))).toBe(true)
         } finally {
             mockSlasServerInstance.close()
         }
@@ -692,7 +691,7 @@ describe('HttpOnly session cookies', () => {
 
             expect(response.headers['set-cookie']).toBeDefined()
             const cookies = response.headers['set-cookie']
-            expect(cookies.some(c => c.includes('access_token_testsite'))).toBe(true)
+            expect(cookies.some((c) => c.includes('access_token_testsite'))).toBe(true)
         } finally {
             mockSlasServerInstance.close()
         }

packages/pwa-kit-runtime/src/utils/ssr-server/configure-proxy.basic.test.js

@@ -7,7 +7,6 @@
 import {
     applyProxyRequestHeaders,
     applyProxyRequestAuthHeader,
-    ALLOWED_CACHING_PROXY_REQUEST_METHODS,
     configureProxy
 } from './configure-proxy'
 import * as ssrProxying from '../ssr-proxying'
@@ -122,7 +121,10 @@ describe('applyProxyRequestAuthHeader', () => {
             slasEndpointsRequiringAccessToken: /\/oauth2\/logout/
         })
 
-        expect(proxyRequest.setHeader).toHaveBeenCalledWith('authorization', 'Bearer test-access-token')
+        expect(proxyRequest.setHeader).toHaveBeenCalledWith(
+            'authorization',
+            'Bearer test-access-token'
+        )
     })
 
     it('applies Bearer token for SLAS logout endpoint', () => {
@@ -146,7 +148,10 @@ describe('applyProxyRequestAuthHeader', () => {
             slasEndpointsRequiringAccessToken: /\/oauth2\/logout/
         })
 
-        expect(proxyRequest.setHeader).toHaveBeenCalledWith('authorization', 'Bearer test-access-token')
+        expect(proxyRequest.setHeader).toHaveBeenCalledWith(
+            'authorization',
+            'Bearer test-access-token'
+        )
     })
 
     it('does not apply Bearer token for SLAS token endpoint', () => {