Shopify cookie policy - shopify

My app is being rejected because it apparently needs cookies enabled. I didn't touch any cookies myself. I use session storage but I see a bunch of cookies in my browser.
It looks to me like they are shopify cookies and I'm not sure how to proceed.
I made the app starting with the code generated by their CLI.
Anyone have any advice? The cookies I see in my app:
koa.sess.sig
shopifyNonce.sig
shopifyNonce
koa.sess
shopify.granted_storage_access
Are any of these something that I might actually be setting myself? I don't think any of them are from any third party I'm intentionally using.
Any suggestions on how I might proceed?

Related

Page refresh for logged in user causes white blink when SSR is turned on

We noticed a white page blink when page refresh happens on site when the user is logged in.
Also, we know that transfer state is not happening when the user has logged in and this is implemented intentionally since user data will be loaded again anyway.
Then we enabled transfer state for the logged-in users and there is one issue regarding the access_token.
The problem happens when the access_token becomes invalid and the page is refreshed: too many requests are made with the old access_token (not an endless loop), and it's noticeable that the access_token changes more than a couple of times at that moment.
We assume that the CMS components make additional requests with the old token and we want to fix this somehow.
We are using Spartacus version 2.1.4
Any ideas on how to fix this?
Let me know if any more info is needed on this.
Thanks in advance.
This shows what is happening after you refresh the page when the access_token is expired (screenshot of the Network tab).
I believe it's possible to face such an issue when enabling transfer state for logged-in users. If you think it might be a bug, or at least a good candidate for a feature request, please create a ticket at https://github.com/SAP/spartacus/issues/new/choose so that the info for reproducing the issue will be provided.
Can you share what the use case is for enabling transfer state for authenticated users?
It might not be exactly the same case, but some people deal with a similar problem (flickering with SSR enabled for authenticated requests) using cookies:
Send token to server in Angular Universal
Angular Universal flickering with Transfer State

Accessing Slack API with Chrome Authentication Token xoxc-

So, lately I've been playing around with the Slack API and I kind of figured out how to access the API using the keys available when I use Slack in Chrome. I'm able to access the conversations.history method and download messages. Does anyone with API experience know if this is a normal thing, being able to access the API with an app or standard authentication token? (User tokens are prefixed xoxp-, bot tokens xoxb- and workspace tokens xoxa-2. The token I was using was xoxc-.) It seems kind of insecure, so my question is: are APIs always vulnerable like this? And also, I'm guessing that I shouldn't be accessing it like this, and I'm wondering if anyone has heard of people getting in trouble for this or if it's expected/ok?
This is the response I got from Slack regarding it.
Thanks for reaching out, I'd be happy to help.
To clarify, xoxc tokens are special tokens that are used by the web client. These tokens are cookie dependent, so even if the token is somehow stolen, it would not be very useful.
However, while we might not explicitly prevent it, using xoxc tokens for the API is not supported or recommended. Our API methods and scopes are meant to be used with Bot (xoxb) or User (xoxp) tokens. Workspace (xoxa) tokens are now deprecated, as they were only available to create during a limited developer preview which has since ended.
https://api.slack.com/authentication/token-types
As you continue to use the API, I'd recommend creating a Slack app and creating a properly scoped token as described here:
https://api.slack.com/authentication/basics#scopes
I hope this helps clarify, but please let me know if you have any further questions.

How do I persist cookies after Safari Intelligent Tracking Prevention limits cookies to 1 day, or sandboxes local storage?

Currently I set first-party cookies from Google Tag Manager. If cookies live only 1 day, I can recover the cookie if a localStorage variable is available. But my understanding is that localStorage is also sandboxed, for anything written by third-party tags, to 7 days or so.
How do I persist first-party cookies set in GTM?
If first-party JavaScript can still persist cookies or localStorage variables, I would probably just use iframe message passing to make the first-party JavaScript set the cookie. Or maybe JSONP. Does anyone know if those workarounds would work, or if my understanding of the sandboxing is correct?

Is it normal to have warnings from the browser when using piggyback SSL on Heroku?

This is just a quick question really for my own peace of mind more than anything.
When accessing an app hosted on Heroku through https://myapp.herokuapp.com I get a warning in Google Chrome and Firefox (but not Safari) along the lines of:
You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
I don't really want to pay the $20 a month for the SSL Endpoint add-on and was just wondering why these warnings appear and whether there was a way around it, or how to find the content that is unencrypted.
I have tried both with and without config.force_ssl = true.
Any suggestions? Any help would be appreciated.
Turns out that this was an issue with a request to Google Maps.
As far as I can remember, they changed their API to allow access over https:// after we began development.
It was simply a case of following the new process that was documented on the Google API page.
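The answer above traced the warning to a single resource loaded over plain http. As an added example (not code from this thread or from Heroku), the following Node.js snippet scans an HTML document for subresources whose URL starts with http://, which is how such a mixed-content warning can be tracked down; the sample page and hostnames are constructed for illustration.

```javascript
// Added example: locate subresources loaded over plain http:// on an https page.
// Browsers raise the "encrypted page that contains some unencrypted information"
// warning for exactly these fetches; <a href> links are not flagged, because
// following a link is a navigation, not a subresource load.
const SUBRESOURCE_ATTRS = {
  script: 'src', img: 'src', iframe: 'src', audio: 'src', video: 'src',
  source: 'src', embed: 'src', object: 'data', link: 'href',
};

// Returns [{ tag, attr, url }] for every subresource whose URL uses http://.
// Protocol-relative (//host/...) and https:// URLs are left alone.
function findMixedContent(html) {
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g; // opening tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attr = SUBRESOURCE_ATTRS[tag];
    if (!attr) continue;
    // The attribute value may be double-quoted, single-quoted or bare.
    const attrRe = new RegExp(
      `(?:^|\\s)${attr}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
    const a = attrRe.exec(m[2]);
    if (!a) continue;
    const url = (a[1] ?? a[2] ?? a[3]).trim();
    if (/^http:\/\//i.test(url)) findings.push({ tag, attr, url });
  }
  return findings;
}

// Constructed sample page (hostnames are placeholders, not real services).
const SAMPLE_HTML = `<!DOCTYPE html>
<html><head>
<link rel="stylesheet" href="https://cdn.example.test/app.css">
<script src="http://maps.example.test/api.js?sensor=false"></script>
</head><body>
<img src='http://static.example.test/logo.png' alt="logo">
<img src="//static.example.test/safe.png" alt="protocol-relative is fine">
<a href="http://example.test/plain-link">navigation link, not flagged</a>
</body></html>`;

for (const f of findMixedContent(SAMPLE_HTML)) {
  console.log(`<${f.tag} ${f.attr}> loads ${f.url} over plain http`);
}
```

Each reported URL is a candidate to switch to https://, as the answer did for the Maps request.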

iOS App and persistent login (apparently a phone-specific AND app-specific issue)

I'm having a really strange problem. I've written an iOS/Rails app in which users have accounts, and need to log in to perform all kinds of actions within the app.
When the app launches, the app detects whether the user's username and password have been stored. If not, it prompts for login credentials. Anyway, logging in seems to be working perfectly, and the server sends back the appropriate response.
However, when I try to do anything else in the app that requires being logged in, I get an error from the server saying I don't have the login credentials. I didn't think I had to do anything special with the cookies (i.e. I thought they were stored automatically), but maybe I'm wrong?
If some code samples would help, let me know what snippets you'd like to see and I'll post them, but I feel like this is more of a conceptual misunderstanding on my part than anything else.
Any help is much appreciated!
EDIT: I tested the app on my friend's phone, and it works fine. It's only my phone which is having trouble with the app. I looked for any settings involving cookies, but because all the apps are sandboxed, changing settings with cookies in Safari, for example, won't help. I'm pulling my hair out with this issue. I've restarted my phone, deleted and reinstalled the app, and tried changing some of the code, without any success. The Facebook app works as expected, so I assume cookies are being stored in Facebook's sandbox. Only my app seems to be having this problem, but it was working yesterday. Any suggestions?
After you log in, you need to store the cookie that is returned. It will then be sent with every request afterwards.
Take a look at these questions:
Objective-C Asynchronous Web Request with Cookies
Managing HTTP Cookies on iPhone
iPhone NSData/NSUrl with cookie