Force / path on session cookie

Shopify · Jan 3, 2023 · ea0a42c · ea0a42c
1 parent 8bcfe37
commit ea0a42c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
 
+- [Patch] Force `/` path on session cookie [#658](https://github.com/Shopify/shopify-api-js/pull/658)
 - [Patch] Don't ignore previous headers when beginning OAuth [#652](https://github.com/Shopify/shopify-api-js/pull/652)
 - [Patch] Export missing client types from package [#648](https://github.com/Shopify/shopify-api-js/pull/648)
 - [Patch] Add an info-level log of API library version and runtime environment string during initialization, to aid in troubleshooting [650](https://github.com/Shopify/shopify-api-js/pull/650)

diff --git a/lib/auth/oauth/oauth.ts b/lib/auth/oauth/oauth.ts
@@ -179,6 +179,7 @@ export function callback(config: ConfigInterface) {
         expires: session.expires,
         sameSite: 'lax',
         secure: true,
+        path: '/',
       });
     }