Changes in /password page

Hi,

Has there been any recent update or change to the /password page on storefronts? We’ve been experiencing an issue with our app since this morning, as the /password page is no longer behaving as it used to.

Any insights or assistance would be greatly appreciated!

Hi Simon,

Can you share more details on the behaviour you’re seeing?

Hey @Simon_sj, I saw this come up with a notification and I was curious how you were using it before, which would help better identify what may have changed causing your approach to no longer work for you.

Thanks for the quick replies!

We were previously relying on the /password endpoint by sending a POST request with password=pwd in the body. If the password was correct, the response would include a Set-Cookie header, which we then used for subsequent authenticated storefront requests.

As of this morning, that behavior no longer seems to work—the cookie is not being returned, even with the correct password.

Any idea if this behavior has changed recently?

So you’re not really using the Shopify API, you’re running a script on a theme’s password page that mimics adding the password? And now that password is not being saved as a cookie?

It seems like they are sending a POST request to /password that was returning with a cookie set they could then access for further functionality. They were never loading the password page and interacting with it directly.

Likely an undocumented use case that probably should not have been relied on.

That said, if it is something that could be put back then their functionality should work again.

I am assuming it may have been removed for security reasons.