Rename MRT_DISABLE_HTTPONLY_SESSION_COOKIES to MRT_ENABLE_HTTPONLY_SESSION_COOKIES #3723
✅ Snyk checks have passed. No issues have been found so far.
There are some unverified commits in this PR
…SSION_COOKIES Remove the double-negative pattern. Rename the env var, config flag (disableHttpOnlySessionCookies → enableHttpOnlySessionCookies), and window global across all packages. Flip comparison logic accordingly. Also includes: rename functions for clarity (setScapiAuthRequestHeaders, setTokensInLogoutRequest, setHttpOnlySessionCookies), extract logout token injection, remove unused siteId fallback/trim, make slasLogoutEndpoint a non-overridable constant, guard proxy auth behind HttpOnly flag, and add x-site-id header for dynamic multisite siteId. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
8573380 to b0754e1
| privateClientProxyEndpoint={slasPrivateClientProxyEndpoint} | ||
| // Uncomment 'hybridAuthEnabled' if the current site has Hybrid Auth enabled. Do NOT set this flag for hybrid storefronts using Plugin SLAS. | ||
| // hybridAuthEnabled={true} | ||
| useHttpOnlySessionCookies={ |
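Review bot: the useHttpOnlySessionCookies prop on the last line of this hunk has no explanatory comment, while hybridAuthEnabled directly above it does. Since the PR description sets the default to off when the flag is unset, add a short comment above the prop saying which config value drives it and that leaving it unset keeps session cookies non-HttpOnly. The prop is also spelled use... while the renamed config flag is enableHttpOnlySessionCookies; consider aligning the two so the template does not carry two names for one setting.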
Missed the template change before, so added this here.
vcua-mobify left a comment
Small question. Does this change mean that the default, if that env var is not set, is now that http only is off?
It's probably fine since it's a new feature and existing projects will need to make a change regardless to enable the feature.
The default is off (httponly=false) for existing storefronts. It will be on by default for any new storefront that is generated.
Summary

- MRT_DISABLE_HTTPONLY_SESSION_COOKIES → MRT_ENABLE_HTTPONLY_SESSION_COOKIES to remove the double-negative pattern
- disableHttpOnlySessionCookies → enableHttpOnlySessionCookies
- __MRT_DISABLE_HTTPONLY_SESSION_COOKIES__ → __MRT_ENABLE_HTTPONLY_SESSION_COOKIES__
- === 'false' → === 'true', default ?? true → ?? false)

Packages touched

- pwa-kit-runtime — proxy auth, token response processing
- pwa-kit-react-sdk — window global for SSR
- pwa-kit-dev — local dev env var
- pwa-kit-create-app — generator templates
- template-retail-react-app — _app-config, config

Test plan

- build-remote-server.test.js — 54/54 passed
- configure-proxy.basic.test.js — 10/10 passed

🤖 Generated with Claude Code
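The flipped comparison from the summary, as an added example that is not code from this PR: it resolves the flag the old and new way and audits an environment for settings that leave HttpOnly off unintentionally. The function names and sample environments are constructed, and it assumes the renamed code no longer reads the old variable name.

```javascript
// Added example, not project code. Only the two env var names and the
// === 'false' / === 'true' comparisons come from the PR description.
const OLD_VAR = 'MRT_DISABLE_HTTPONLY_SESSION_COOKIES'
const NEW_VAR = 'MRT_ENABLE_HTTPONLY_SESSION_COOKIES'

// Pre-rename check: HttpOnly is on only when the "disable" var is 'false'.
const enabledBefore = (env) => env[OLD_VAR] === 'false'

// Post-rename check: HttpOnly is on only when the "enable" var is 'true'.
const enabledAfter = (env) => env[NEW_VAR] === 'true'

// Hypothetical startup audit: resolve the flag the new way and report
// settings that leave HttpOnly off without the operator intending it.
function auditHttpOnlyEnv(env) {
    const warnings = []
    const raw = env[NEW_VAR]
    const enabled = enabledAfter(env)

    if (raw !== undefined && raw !== 'true' && raw !== 'false') {
        // Strict string comparison: 'TRUE', '1' and ' true' all resolve to off.
        warnings.push(`${NEW_VAR}=${JSON.stringify(raw)} is not 'true' or 'false'; HttpOnly stays off`)
    }
    if (env[OLD_VAR] !== undefined) {
        // Assumption: the renamed code ignores the old variable name.
        const note = enabledBefore(env) && !enabled
            ? 'HttpOnly was on before the rename and is off now'
            : 'value is ignored'
        warnings.push(`${OLD_VAR} is still set; ${note}`)
    }
    return {enabled, warnings}
}

// Constructed sample environments.
const samples = {
    unset: {},
    migrated: {[NEW_VAR]: 'true'},
    stale: {[OLD_VAR]: 'false'},
    sloppy: {[NEW_VAR]: 'TRUE'}
}
for (const [name, env] of Object.entries(samples)) {
    console.log(name, auditHttpOnlyEnv(env))
}
```

Both checks resolve to off when nothing is set, so the cases to watch after the rename are a deployment that still exports the old variable and a value that is not the exact string 'true'.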