[nextjs][create-content-sdk-app] Fix cross-origin editing cookies#520
Open
glorynguyen wants to merge 3 commits into
Open
[nextjs][create-content-sdk-app] Fix cross-origin editing cookies#520glorynguyen wants to merge 3 commits into
glorynguyen wants to merge 3 commits into
Conversation
… draft mode detection on Vercel - Patch editing cookies with SameSite=None; Secure in createEditingRenderRouteHandlers for cross-origin iframe compatibility - Add cookie patching wrapper in App Router template route handlers as defense-in-depth - Add fallback editing detection via URL searchParams when draftMode() returns false on serverless platforms - Update both nextjs-app-router and nextjs-app-router-cache-components templates
🦋 Changeset detectedLatest commit: 5c968d2 The changes in this PR will be included in the next version bump. This PR includes changesets to release 2 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
glorynguyen
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description / Motivation
When the Content SDK Next.js App Router template is deployed to Vercel (or other serverless platforms), XM Cloud editing mode breaks completely:
__prerender_bypass,sc_mode, etc.) use defaultSameSite=Lax, which browsers block inside the cross-origin XM Cloud editor iframe (pages.sitecorecloud.io→ rendering host)draftMode().isEnabledreturnsfalseinpage.tsxbecause draft cookies don't propagate between Vercel serverless functionsThis PR fixes both issues at two levels:
createEditingRenderRouteHandlers()now patches all editing cookies withSameSite=None; SecuresearchParamsas fallback whendraftMode()failsEditing on localhost remains unaffected.
Testing Details
All 10 packages pass
yarn test-packages(799 nextjs tests pass).yarn lint-packagespasses with 0 errors.yarn api-extractor:verifypasses with no public API surface changes. Manual verification: deploy to Vercel, open page in XM Cloud editor, confirm editing cookies showSameSite=None; Securein DevTools, confirm page renders in editing mode.Types of changes