fix(theme): preserve dev preview theme across SFR redirects#7642
Open
EvilGenius13 wants to merge 1 commit into
Open
fix(theme): preserve dev preview theme across SFR redirects#7642EvilGenius13 wants to merge 1 commit into
EvilGenius13 wants to merge 1 commit into
Conversation
The storefront renderer fetch call was using fetch's default redirect
behavior ('follow'), which silently dropped the intermediate Set-Cookie
headers that bind _shopify_essential to the dev theme. After SFR migrated
preview_theme_id from server-side storage into the cookie (shop/world
2026-03-27), this latent issue surfaced as the dev preview occasionally
rendering the live theme.
Set redirect: 'manual' on storefront-renderer fetches and patch response
headers (Set-Cookie capture + Location rewrite) on 3xx so the browser can
follow the redirect cleanly while we keep the dev-bound session cookie.
Fixes #7344
EvilGenius13
force-pushed
the
fix/theme-dev-redirect-manual
branch
from
44ea01c to
932be3d
Compare
EvilGenius13
commented
May 26, 2026
| rawResponse: Response, | ||
| patchCallback?: (html: string) => string | undefined, | ||
| ): Promise<Response> { | ||
| const response = patchProxiedResponseHeaders(ctx, rawResponse) |
Contributor
Author
There was a problem hiding this comment.
Flipping this to happen earlier makes sure the cookie is available to our session for any following requests.
EvilGenius13
commented
May 26, 2026
| response = await fetch(url, { | ||
| method: 'POST', | ||
| body: bodyParams, | ||
| redirect: 'manual', |
Contributor
Author
There was a problem hiding this comment.
This makes the cookie visible by not having node drop it on a redirect.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes theme dev preview sessions occasionally losing the dev preview theme after Storefront Renderer (SFR) redirects by preventing server-side fetch from auto-following 3xx responses (so intermediate Set-Cookie headers aren’t dropped) and ensuring redirect responses have their headers patched before returning to the browser.
Changes:
- Set
redirect: 'manual'on SFRfetchcalls in the storefront renderer to preserve intermediateSet-Cookieheaders. - Patch and return 3xx rendering responses (cookie capture +
Locationrewrite) instead of returning the raw response unmodified. - Add targeted unit tests covering manual redirect behavior and 3xx header patching; add a patch changeset.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| packages/theme/src/cli/utilities/theme-environment/storefront-renderer.ts | Uses manual redirect handling for SFR fetches to preserve intermediate redirect cookies. |
| packages/theme/src/cli/utilities/theme-environment/storefront-renderer.test.ts | Adds tests ensuring GET/POST render requests do not auto-follow 3xx responses. |
| packages/theme/src/cli/utilities/theme-environment/proxy.ts | Ensures 3xx responses are header-patched (cookies + Location) before returning. |
| packages/theme/src/cli/utilities/theme-environment/proxy.test.ts | Adds tests for _shopify_essential capture and Location rewriting on 3xx responses. |
| .changeset/tidy-bats-prove.md | Declares a patch release note for the fix. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| '@shopify/theme': patch | ||
| --- | ||
|
|
||
| Fix `theme dev` preview occasionally rendering the live theme by preserving shopify cookie in redirects |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
WHY are these changes introduced?
The storefront renderer fetch call was using fetch's default redirect behavior ('follow'), which silently dropped the intermediate Set-Cookie headers that bind _shopify_essential to the dev theme. After SFR migrated preview_theme_id from server-side storage into the cookie (shop/world 2026-03-27), this latent issue surfaced as the dev preview occasionally rendering the live theme.
Set redirect: 'manual' on storefront-renderer fetches and patch response headers (Set-Cookie capture + Location rewrite) on 3xx so the browser can follow the redirect cleanly while we keep the dev-bound session cookie.
WHAT is this pull request doing?
on 3xx so the browser can follow the redirect cleanly while we keep the dev-bound session cookie.
How to test your changes?
Post-release steps
Checklist
patchfor bug fixes ·minorfor new features ·majorfor breaking changes) and added a changeset withpnpm changeset add