Sharing consent when adopting Hydrogen incrementally

[dduupp]

We are currently in the process of adopting Hydrogen incrementally for cowboy.com, using the catch-all route to proxy Liquid pages that are not ready for production in Hydrogen yet.

At this time, it is only our lu.cowboy.com (🇱🇺) subdomain that is using this incremental adoption in production. The homepage here is proxying a Liquid page. An example of a page that is completely revamped in Hydrogen is our Delivery page. Notice how on proxied Liquid pages, the privacy banner is not shown, while on Hydrogen pages it is.

It seems like the privacy banner is not loading correctly on routes that are proxying Liquid pages.

We have narrowed the issue down to the storefront-banner.js script querying consentManagement through /api/unstable/graphql.json (see requests) and simply returning null. This seems an incorrect return value, as the script itself seems to expect a response object with an errors property when something goes wrong:

Uncaught (in promise) TypeError: Cannot read properties of null (reading 'errors')

Seems like a bug maybe?

[wizardlyhel]

@dduupp Thanks for logging this. Let me check with the cookie banner team. In the meantime, could you explain what's the custom snippet in your Online Store theme doing with consent? I don't think it is just console logging ...

[dduupp]

Hi @helen-mou, of course.

When we are proxying our Liquid website (e.g. lu.cowboy.com), we are setting <html data-proxied="1"> in our Liquid templates. This allows us to conditionally define checkoutRootDomain, storefrontRootDomain and storefrontAccessToken to setTrackingConsent(), as when simply navigating to unproxied cowboy.com, consent works without issues.

[wizardlyhel]

@dduupp I think you might want to remove the proxy for now (maybe even remove the hydrogen app and revert back to online store). I can't even add to cart on lu.cowboy.com.

What's happening right now is that the majority of your lu site is proxied thru Hydrogen. Since lu.cowboy.com is on Hydrogen, some existing endpoints, like the consent api, is not able to properly find reference to the online store it suppose to belong. This is the same with the custom cart you have setup on your site.

1. Hydrogen proxy a online store page
2. The proxied page tries to make a client side callback to online store using existing online store setup (This is where the disconnect happens)

This is the same with the custom cart you have setup on your site.

The incremental Hydrogen adoption is something we no longer recommended and is only best suited for Hydrogen app that have implemented the critical buyer path (product, cart pages and any pages that have direct interaction with cart). There could be many other integrations that can break depending on what 3rd party app you have installed on the Online Store.

[dduupp]

Hi @wizardlyhel

We appreciate your extensive help on this topic 🙏

We do realize incremental adoption is not fully supported/recommended, however we would still like to go through with it. Due to continuous updates and marketing requirements on our website (e.g. upcoming Black Friday) it's quite valuable for us to be able to go live with pages that are less prone to updates first, and gradually implementing others as we go.

Testing the cart, this works as expected; opening the cart drawer, clicking "Add a bike", then returning to the (proxied) homepage shows the product in the cart. Then navigating to /pages/delivery (Hydrogen page) still shows the products in cart correctly. We've implemented this following the migration docs.

some existing endpoints, like the consent api, is not able to properly find reference to the online store it suppose to belong

We realize this is where the issue lies, but I guess we are simply unable to figure out just how exactly the consent API is trying to find the config for our online store. Is it looking at request headers, cookies, ...? That part is quite unclear to us. If we would have a better understanding of how the storefront-banner.js script is working, we might be able to figure out what to do in order to make proxied pages work.

[wizardlyhel]

Then, on the Online Store side, please trigger the consent banner as if you were on headless site. You should trigger it like this:

window.privacyBanner.loadBanner({
  checkoutRootDomain: 'cowboy.com',
  storefrontAccessToken: '<public access token>',
  /** (Optional) CountryCode  */
  country: 'LU',
  /** (Optional) LanguageCode  */
  locale: 'EN',
});

[dduupp]

Hi @helen-mou, we've now implemented this on our proxied pages. However, it seems like reloading the page now resets consent every time. Here's the __cmp_a cookie value at every stage:

✅ Before consent

{"con":{"CMP":{"a":"","m":"","p":"","s":""}},"v":"2.1","region":"BEBRU","reg":"","purposes":{"p":false,"a":false,"m":false,"t":true},"display_banner":true,"sale_of_data_region":false}

✅ After consent (accepting cookies)

{"con":{"CMP":{"a":"1","m":"1","p":"1","s":""}},"v":"2.1","region":"BEBRU","reg":"","purposes":{"p":true,"a":true,"m":true,"t":true},"display_banner":true,"sale_of_data_region":false}

❌ After page reload

{"con":{"CMP":{"a":"","m":"","p":"","s":"0"}},"v":"2.1","region":"BEBRU","reg":"","purposes":{"p":false,"a":false,"m":false,"t":false},"display_banner":true,"sale_of_data_region":false}

You should be able to reproduce this on on lu.cowboy.com

[loiic-v]

Hi @wizardlyhel, have you had a chance to check out this issue where CMP cookies are being reset on every page load (as described above), no matter how the user interacts with the Customer Privacy API via the native Shopify cookie banner?
It’s a major deadline blocker for our business, stopping us from launching the incremental adoption of Hydrogen.

[wizardlyhel]

It looks like the force display banner on the Online store is conflicting with the original one Online Store has and resetting the consent all together.

Since the consent cookies are resetting, it's most likely the checkout won't be getting this setting and will default to no tracking.

I don't recommend to continue down this path.

---

Another way to approach this is to not use Shopify cookie banner and implement your own cookie banner. You can still use Shopify consent management API for storing and getting regional consent settings.

Hydrogen doc: https://shopify.dev/docs/storefronts/headless/hydrogen/analytics/consent-3p (Instruction is a bit outdated but it'll get an update soon - follow the instruction to turn off cookie banner in admin but keep the regional consent setting)
Consent API doc: https://shopify.dev/docs/api/customer-privacy#assets (You will want to only load the consent privacy api)

It's a bit of work but at least you can have a working consent banner during the migration process. afterwards, feel free to switch back to Shopify consent cookie banner when all page migrations are done.