saleor · lkostrowski · Jan 28, 2025 · Jan 27, 2025 · Jan 28, 2025
@@ -0,0 +1,5 @@
+---
+"@saleor/app-sdk": major
+---
+
+Breaking change: Remove checking "domain" header from Saleor requests. It should be replaced with the "saleor-api-url" header.
@@ -1,5 +1,4 @@
 export interface AuthData {
-  domain?: string;
   token: string;
   saleorApiUrl: string;
   appId: string;

@@ -12,11 +12,10 @@ export const authDataFromObject = (parsed: unknown): AuthData | undefined => {
     debug("Given object did not contained AuthData");
     return undefined;
   }
-  const { saleorApiUrl, appId, domain, token, jwks } = parsed as AuthData;
+  const { saleorApiUrl, appId, token, jwks } = parsed as AuthData;
   return {
     saleorApiUrl,
     appId,
-    domain,
     token,
     jwks,
   };

@@ -14,7 +14,6 @@ const getMockAuthData = (): AuthData => ({
   appId: "app-id",
   token: "some-token",
   jwks: "{}",
-  domain: "my-saleor-instance.cloud",
 });
 
 describe("EnvAPL", () => {
@@ -58,8 +57,7 @@ describe("EnvAPL", () => {
   "saleorApiUrl": "https://my-saleor-instance.cloud/graphql/",
   "appId": "app-id",
   "token": "some-token",
-  "jwks": "{}",
-  "domain": "my-saleor-instance.cloud"
+  "jwks": "{}"
 }`
     );
   });

@@ -5,7 +5,6 @@ import { AuthData } from "./apl";
 import { FileAPL } from "./file-apl";
 
 const stubAuthData: AuthData = {
-  domain: "example.com",
   token: "example-token",
   saleorApiUrl: "https://example.com/graphql/",
   appId: "42",

@@ -48,21 +48,17 @@ export class FileAPL implements APL {
       return undefined;
     }
 
-    const { token, domain, saleorApiUrl, appId, jwks } = parsedData;
+    const { token, saleorApiUrl, appId, jwks } = parsedData;
 
     if (token && saleorApiUrl && appId) {
-      debug("Token and domain found, returning values: %s, %s", domain, `${token[0]}***`);
+      debug("Token found, returning values: %s", `${token[0]}***`);
 
       const authData: AuthData = { token, saleorApiUrl, appId };
 
       if (jwks) {
         authData.jwks = jwks;
       }
 
-      if (domain) {
-        authData.domain = domain;
-      }
-
       return authData;
     }
 

@@ -4,8 +4,6 @@ import { hasProp } from "../has-prop";
  * Checks if given object has fields used by the AuthData
  */
 export const hasAuthData = (data: unknown) =>
-  hasProp(data, "domain") &&
-  data.domain &&
   hasProp(data, "token") &&
   data.token &&
   hasProp(data, "appId") &&

@@ -14,7 +14,6 @@ const aplConfig: SaleorCloudAPLConfig = {
 };
 
 const stubAuthData: AuthData = {
-  domain: "example.com",
   token: "example-token",
   saleorApiUrl: "https://example.com/graphql/",
   appId: "42",
@@ -47,7 +46,6 @@ describe("APL", () => {
               saleor_app_id: "42",
               saleor_api_url: "https://example.com/graphql/",
               jwks: "{}",
-              domain: "example.com",
               token: "example-token",
             }),
             headers: {
@@ -129,7 +127,6 @@ describe("APL", () => {
               saleor_app_id: stubAuthData.appId,
               saleor_api_url: stubAuthData.saleorApiUrl,
               jwks: stubAuthData.jwks,
-              domain: stubAuthData.domain,
               token: stubAuthData.token,
             }),
           });
@@ -170,7 +167,6 @@ describe("APL", () => {
               saleor_app_id: stubAuthData.appId,
               saleor_api_url: stubAuthData.saleorApiUrl,
               jwks: stubAuthData.jwks,
-              domain: stubAuthData.domain,
               token: stubAuthData.token,
             }),
           });
@@ -219,7 +215,7 @@ describe("APL", () => {
                   saleor_app_id: "x",
                 },
                 {
-                  domain: "example2.com",
+                  domain: "example.com",
                   jwks: "{}",
                   token: "token2",
                   saleor_api_url: "https://example2.com/graphql/",
@@ -237,14 +233,12 @@ describe("APL", () => {
         expect(await apl.getAll()).toStrictEqual([
           {
             appId: "x",
-            domain: "example.com",
             jwks: "{}",
             saleorApiUrl: "https://example.com/graphql/",
             token: "token1",
           },
           {
             appId: "y",
-            domain: "example2.com",
             jwks: "{}",
             saleorApiUrl: "https://example2.com/graphql/",
             token: "token2",
@@ -285,7 +279,7 @@ describe("APL", () => {
                 previous: "https://example.com?page=1",
                 results: [
                   {
-                    domain: "example2.com",
+                    domain: "example.com",
                     jwks: "{}",
                     token: "token2",
                     saleor_api_url: "https://example2.com/graphql/",
@@ -303,14 +297,12 @@ describe("APL", () => {
         expect(await apl.getAll()).toStrictEqual([
           {
             appId: "x",
-            domain: "example.com",
             jwks: "{}",
             saleorApiUrl: "https://example.com/graphql/",
             token: "token1",
           },
           {
             appId: "y",
-            domain: "example2.com",
             jwks: "{}",
             saleorApiUrl: "https://example2.com/graphql/",
             token: "token2",

@@ -51,13 +51,11 @@ const mapAuthDataToAPIBody = (authData: AuthData) => ({
   saleor_app_id: authData.appId,
   saleor_api_url: authData.saleorApiUrl,
   jwks: authData.jwks,
-  domain: authData.domain,
   token: authData.token,
 });
 
 const mapAPIResponseToAuthData = (response: CloudAPLAuthDataShape): AuthData => ({
   appId: response.saleor_app_id,
-  domain: response.domain,
   jwks: response.jwks,
   saleorApiUrl: response.saleor_api_url,
   token: response.token,

@@ -13,7 +13,6 @@ const aplConfig: UpstashAPLConfig = {
 };
 
 const stubAuthData: AuthData = {
-  domain: "example.com",
   token: "example-token",
   saleorApiUrl: "https://example.com/graphql/",
   appId: "42",

@@ -22,7 +22,6 @@ const getMockAuthData = (saleorApiUrl = "https://demo.saleor.io/graphql"): AuthD
   appId: "foobar",
   saleorApiUrl,
   token: "token",
-  domain: "domain",
   jwks: "{}",
 });
 

@@ -1,6 +1,6 @@
 import { describe, expect, it, vi } from "vitest";
 
-import { SALEOR_AUTHORIZATION_BEARER_HEADER, SALEOR_DOMAIN_HEADER } from "../const";
+import { SALEOR_AUTHORIZATION_BEARER_HEADER } from "../const";
 import { AppBridge } from "./app-bridge";
 import { AppBridgeState } from "./app-bridge-state";
 import { createAuthenticatedFetch } from "./fetch";
@@ -35,9 +35,6 @@ describe("createAuthenticatedFetch", () => {
     const fetchCallArguments = spiedFetch.mock.lastCall;
     const fetchCallHeaders = fetchCallArguments![1]?.headers;
 
-    expect((fetchCallHeaders as Headers).get(SALEOR_DOMAIN_HEADER)).toBe(
-      "master.staging.saleor.cloud"
-    );
     expect((fetchCallHeaders as Headers).get(SALEOR_AUTHORIZATION_BEARER_HEADER)).toBe("XXX_YYY");
   });
 
@@ -59,9 +56,6 @@ describe("createAuthenticatedFetch", () => {
     const fetchCallArguments = spiedFetch.mock.lastCall;
     const fetchCallHeaders = fetchCallArguments![1]?.headers;
 
-    expect((fetchCallHeaders as Headers).get(SALEOR_DOMAIN_HEADER)).toBe(
-      "master.staging.saleor.cloud"
-    );
     expect((fetchCallHeaders as Headers).get(SALEOR_AUTHORIZATION_BEARER_HEADER)).toBe("XXX_YYY");
     expect((fetchCallHeaders as Headers).get("foo")).toBe("bar");
   });

@@ -1,10 +1,6 @@
 import { useMemo } from "react";
 
-import {
-  SALEOR_API_URL_HEADER,
-  SALEOR_AUTHORIZATION_BEARER_HEADER,
-  SALEOR_DOMAIN_HEADER,
-} from "../const";
+import { SALEOR_API_URL_HEADER, SALEOR_AUTHORIZATION_BEARER_HEADER } from "../const";
 import { AppBridge } from "./app-bridge";
 import { useAppBridge } from "./app-bridge-provider";
 
@@ -16,11 +12,10 @@ type HasAppBridgeState = Pick<AppBridge, "getState">;
 export const createAuthenticatedFetch =
   (appBridge: HasAppBridgeState, fetch = global.fetch): typeof global.fetch =>
   (input, init) => {
-    const { token, domain, saleorApiUrl } = appBridge.getState();
+    const { token, saleorApiUrl } = appBridge.getState();
 
     const headers = new Headers(init?.headers);
 
-    headers.set(SALEOR_DOMAIN_HEADER, domain);
     headers.set(SALEOR_AUTHORIZATION_BEARER_HEADER, token ?? "");
     headers.set(SALEOR_API_URL_HEADER, saleorApiUrl ?? "");
 

@@ -1,4 +1,3 @@
-export const SALEOR_DOMAIN_HEADER = "saleor-domain";
 export const SALEOR_EVENT_HEADER = "saleor-event";
 export const SALEOR_SIGNATURE_HEADER = "saleor-signature";
 export const SALEOR_AUTHORIZATION_BEARER_HEADER = "authorization-bearer";

@@ -52,7 +52,6 @@ describe("create-app-register-handler", () => {
      */
     expect(mockApl.set).toHaveBeenCalledWith({
       saleorApiUrl: "https://mock-saleor-domain.saleor.cloud/graphql/",
-      domain: "https://mock-saleor-domain.saleor.cloud/",
       token: "mock-auth-token",
       appId: "42",
       jwks: "{}",
@@ -122,7 +121,6 @@ describe("create-app-register-handler", () => {
 
       const expectedAuthData: AuthData = {
         token: "mock-auth-token",
-        domain: "https://mock-saleor-domain.saleor.cloud/",
         saleorApiUrl: "https://mock-saleor-domain.saleor.cloud/graphql/",
         jwks: mockJwksValue,
         appId: mockAppId,
@@ -134,7 +132,6 @@ describe("create-app-register-handler", () => {
         expect.anything(/* Assume original request */),
         expect.objectContaining({
           authToken: "mock-auth-token",
-          saleorDomain: "https://mock-saleor-domain.saleor.cloud/",
           saleorApiUrl: "https://mock-saleor-domain.saleor.cloud/graphql/",
         })
       );
@@ -186,7 +183,6 @@ describe("create-app-register-handler", () => {
 
       const expectedAuthData: AuthData = {
         token: "mock-auth-token",
-        domain: "https://mock-saleor-domain.saleor.cloud/",
         saleorApiUrl: "https://mock-saleor-domain.saleor.cloud/graphql/",
         jwks: mockJwksValue,
         appId: mockAppId,

@@ -4,11 +4,11 @@ import { withMethod } from "retes/middleware";
 import { Response } from "retes/response";
 
 import { AuthData } from "../../APL";
-import { SALEOR_API_URL_HEADER, SALEOR_DOMAIN_HEADER } from "../../const";
+import { SALEOR_API_URL_HEADER } from "../../const";
 import { createDebug } from "../../debug";
 import { fetchRemoteJwks } from "../../fetch-remote-jwks";
 import { getAppId } from "../../get-app-id";
-import { withAuthTokenRequired, withSaleorDomainPresent } from "../../middleware";
+import { withAuthTokenRequired } from "../../middleware";
 import { HasAPL } from "../../saleor-app";
 import { validateAllowSaleorUrls } from "./validate-allow-saleor-urls";
 
@@ -134,7 +134,6 @@ export const createAppRegisterHandler = ({
     debug("Request received");
 
     const authToken = request.params.auth_token;
-    const saleorDomain = request.headers[SALEOR_DOMAIN_HEADER] as string;
     const saleorApiUrl = request.headers[SALEOR_API_URL_HEADER] as string;
 
     if (onRequestStart) {
@@ -144,7 +143,6 @@ export const createAppRegisterHandler = ({
         await onRequestStart(request, {
           authToken,
           saleorApiUrl,
-          saleorDomain,
           respondWithError: createCallbackError,
         });
       } catch (e: RegisterCallbackError | unknown) {
@@ -218,7 +216,6 @@ export const createAppRegisterHandler = ({
     }
 
     const authData = {
-      domain: saleorDomain,
       token: authToken,
       saleorApiUrl,
       appId,
@@ -288,10 +285,5 @@ export const createAppRegisterHandler = ({
     return Response.OK(createRegisterHandlerResponseBody(true));
   };
 
-  return toNextHandler([
-    withMethod("POST"),
-    withSaleorDomainPresent,
-    withAuthTokenRequired,
-    baseHandler,
-  ]);
+  return toNextHandler([withMethod("POST"), withAuthTokenRequired, baseHandler]);
 };
@@ -56,7 +56,6 @@ describe("processSaleorProtectedHandler", () => {
 
     expect(await processSaleorProtectedHandler({ apl: mockAPL, req: mockRequest })).toStrictEqual({
       authData: {
-        domain: mockAPL.workingSaleorDomain,
         token: mockAPL.mockToken,
         saleorApiUrl: mockAPL.workingSaleorApiUrl,
         appId: mockAPL.mockAppId,

@@ -160,7 +160,6 @@ describe("processAsyncSaleorWebhook", () => {
     ).resolves.toStrictEqual({
       authData: {
         appId: "mock-app-id",
-        domain: "example.com",
         jwks: "{}",
         saleorApiUrl: "https://example.com/graphql/",
         token: "mock-token",

@@ -16,7 +16,6 @@ const debug = createDebug("processSaleorWebhook");
 export type SaleorWebhookError =
   | "OTHER"
   | "MISSING_HOST_HEADER"
-  | "MISSING_DOMAIN_HEADER"
   | "MISSING_API_URL_HEADER"
   | "MISSING_EVENT_HEADER"
   | "MISSING_PAYLOAD_HEADER"

@@ -65,7 +65,6 @@ describe("SaleorAsyncWebhook", () => {
       payload: { data: "test_payload" },
       schemaVersion: 3.19,
       authData: {
-        domain: "example.com",
         token: "token",
         jwks: "",
         saleorApiUrl: "https://example.com/graphql/",

@@ -17,7 +17,6 @@ describe("SaleorSyncWebhook", () => {
       payload: { data: "test_payload" },
       schemaVersion: 3.19,
       authData: {
-        domain: mockApl.workingSaleorDomain,
         token: mockApl.mockToken,
         jwks: mockApl.mockJwks,
         saleorApiUrl: mockApl.workingSaleorApiUrl,

@@ -39,7 +39,6 @@ export interface WebhookConfig<Event = AsyncWebhookEventType | SyncWebhookEventT
 export const WebhookErrorCodeMap: Record<SaleorWebhookError, number> = {
   OTHER: 500,
   MISSING_HOST_HEADER: 400,
-  MISSING_DOMAIN_HEADER: 400,
   MISSING_API_URL_HEADER: 400,
   MISSING_EVENT_HEADER: 400,
   MISSING_PAYLOAD_HEADER: 400,

@@ -1,7 +1,6 @@
 import {
   SALEOR_API_URL_HEADER,
   SALEOR_AUTHORIZATION_BEARER_HEADER,
-  SALEOR_DOMAIN_HEADER,
   SALEOR_EVENT_HEADER,
   SALEOR_SCHEMA_VERSION,
   SALEOR_SIGNATURE_HEADER,
@@ -17,7 +16,6 @@ const toFloatOrNull = (value: string | string[] | undefined) =>
  * Extracts Saleor-specific headers from the response.
  */
 export const getSaleorHeaders = (headers: { [name: string]: string | string[] | undefined }) => ({
-  domain: toStringOrUndefined(headers[SALEOR_DOMAIN_HEADER]),
   authorizationBearer: toStringOrUndefined(headers[SALEOR_AUTHORIZATION_BEARER_HEADER]),
   signature: toStringOrUndefined(headers[SALEOR_SIGNATURE_HEADER]),
   event: toStringOrUndefined(headers[SALEOR_EVENT_HEADER]),