Merge pull request #4257 from Shopify/fix-theme-dev

Avoid live theme from being set in the `shopify theme dev` session
Shopify · Aug 2, 2024 · 81c7a4c · 81c7a4c
2 parents d30fbb7 + 19f230f
commit 81c7a4c
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 4 deletions.
diff --git a/.changeset/chilly-garlics-stare.md b/.changeset/chilly-garlics-stare.md
@@ -0,0 +1,5 @@
+---
+'@shopify/theme': patch
+---
+
+Prevent the live theme from being set in the `shopify theme dev` session by Shopify infrastructure
diff --git a/packages/cli-kit/assets/cli-ruby/lib/shopify_cli/theme/dev_server/proxy.rb b/packages/cli-kit/assets/cli-ruby/lib/shopify_cli/theme/dev_server/proxy.rb
@@ -242,9 +242,8 @@ def get_response_headers(response, env)
 
           new_session_id = extract_shopify_essential_from_response_headers(response_headers)
           if new_session_id
-            @ctx.debug("New _shopify_essential cookie from response")
-            @secure_session_id = new_session_id
-            @last_session_cookie_refresh = Time.now
+            @ctx.debug("Renew _shopify_essential cookie by the response")
+            @secure_session_id = secure_session_id
           end
 
           response_headers

diff --git a/packages/cli-kit/assets/cli-ruby/test/shopify-cli/theme/dev_server/proxy_test.rb b/packages/cli-kit/assets/cli-ruby/test/shopify-cli/theme/dev_server/proxy_test.rb
@@ -162,9 +162,32 @@ def test_refreshes_session_cookie_on_expiry
         end
 
         def test_update_session_cookie_when_returned_from_backend
-          stub_session_id_request
           new_shopify_essential = "#{SECURE_SESSION_ID}2"
 
+          stub_request(:head, "https://dev-theme-server-store.myshopify.com/?_fd=0&pb=0&preview_theme_id=123456789")
+            .with(
+              headers: {
+                "Host" => "dev-theme-server-store.myshopify.com",
+              },
+            )
+            .to_return([
+              {
+                status: 200,
+                headers: {
+                  "Set-Cookie" => "_shopify_essential=#{SECURE_SESSION_ID}",
+                },
+              },
+              {
+                status: 200,
+                headers: {
+                  "Set-Cookie" => "_shopify_essential=#{new_shopify_essential}",
+                },
+              },
+            ])
+
+          # Force the _shopify_essential cookie to be refreshed.
+          @proxy.stubs(:secure_session_id_expired?).returns(true)
+
           # POST response returning a new session cookie (Set-Cookie)
           stub_request(:post, "https://dev-theme-server-store.myshopify.com/account/login?_fd=0&pb=0")
             .with(