In my server.js code below I am setting up a middleware that should pass through Shopify OAuth and then redirect to the / route.
The '/' route, and its redirect URL, are loaded in an iframe inside the Shopify Admin area. I do see the page that / redirects to. But no cookies are present.
Related to the cookie settings, I am accessing this route in a web browser and on a secure https connection.
I am using Google Chrome Version 79.0.3945.88 (Official Build) (64-bit). I'm also using EditThisCookie browser extension to see the cookies that are present for the domain.
Can anyone tell why the cookies I am trying to set in server.js are failing to set?

    import "isomorphic-fetch";
    require("dotenv").config();
    import Koa from "koa";
    import Router from "koa-router";
    import session from "koa-session";
    import authorizeForShopify, {verifyRequest} from "@shopify/koa-shopify-auth";

    const koa = new Koa();
    const router = new Router();
    const {SHOPIFY_BUYUSED_API_KEY, SHOPIFY_BUYUSED_API_SECRET, SHOPIFY_BUYUSED_SCOPES} = process.env;

    koa.keys = [SHOPIFY_BUYUSED_API_SECRET];
    koa.use(session({secure: true, sameSite: "none"}, koa));

    ////// Shopify OAuth //////
    koa.use(authorizeForShopify({
      apiKey : SHOPIFY_BUYUSED_API_KEY
      , secret : SHOPIFY_BUYUSED_API_SECRET
      , scopes : SHOPIFY_BUYUSED_SCOPES.split(",")
      , afterAuth(ctx: Koa.Context): void {
        console.log(`=====inside afterAuth()=====`); // I don't see this log statement
        const {shop, accessToken} = ctx.session;
        console.log({ // also I do not see this one
          message : "from inside afterAuth()"
          , shop
          , accessToken
        });

        // cookie setting
        const cookieOptions = {
          httpOnly: true,
          secure: true,
          signed: true,
          overwrite: true
        };

        // neither cookie is present in EditThisCookie
        ctx.cookie.set("buyUsed_shopName", shop, cookieOptions);
        ctx.cookie.set("buyUsed_generalToken", accessToken, cookieOptions);
        ctx.redirect("/");
      }
    }));

    ////// Routing //////
    router.get('/', async ctx => {
      // ctx.body = "Koa server running, '/' route triggered"
      ctx.redirect("https://storage.cloud.google.com/buy_used/consoleLog.js");
    });

    koa.use(verifyRequest());
    koa.use(router.routes())
      .use(router.allowedMethods());

    const port: number = Number(process.env.PORT) || 8080;
    koa.listen(port, undefined, undefined, () => console.log(`=====Koa listening on port ${port.toString()}=====`));

In the case of Koa, the methods to work with cookies are ctx.cookies.get and ctx.cookies.set. Thus, the lines should be changed to:

    // neither cookie is present in EditThisCookie
    ctx.cookies.set("buyUsed_shopName", shop, cookieOptions);
    ctx.cookies.set("buyUsed_generalToken", accessToken, cookieOptions);

It works when setting "secureProxy: true":

    ctx.cookies.set('jwt', token, { httpOnly: true, secure: true, sameSite: "none", secureProxy: true });
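
As an added example (not part of the question or either answer): a small checker for Set-Cookie header values that flags attributes which stop a cookie from working when the app is framed cross-site, as in the Shopify Admin iframe above. The sample headers and finding names are constructed for illustration, and it assumes a browser that treats a missing SameSite as Lax.

```javascript
// Split one Set-Cookie header value into its name, value and a map of
// lowercase attribute names (flag attributes such as Secure map to true).
function parseSetCookie(header) {
  const [pair = "", ...rest] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  const name = eq === -1 ? "" : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// List the reasons a cookie would be rejected or withheld when the app is
// framed by another site (assumption: missing SameSite is treated as Lax),
// plus a check that page script cannot read it.
function auditEmbeddedCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "unset";
  const findings = [];
  // Lax/Strict (or unset, defaulting to Lax) cookies are not sent on iframe requests.
  if (sameSite !== "none") findings.push(`samesite-${sameSite}-withheld-cross-site`);
  // SameSite=None is only accepted together with Secure.
  if (sameSite === "none" && !("secure" in attrs)) findings.push("samesite-none-requires-secure");
  // Tokens should not be readable via document.cookie.
  if (!("httponly" in attrs)) findings.push("readable-by-page-script");
  return { name, findings };
}

// Constructed sample headers (placeholder values, not captured traffic).
const SAMPLES = [
  "buyUsed_shopName=example-shop; path=/; secure; httponly", // no SameSite attribute
  "jwt=PLACEHOLDER; path=/; samesite=none; secure; httponly", // SameSite=None with Secure
  "sid=PLACEHOLDER; Path=/; SameSite=None",                  // None without Secure
];

function auditAll(headers) {
  return headers.map(auditEmbeddedCookie);
}

for (const r of auditAll(SAMPLES)) {
  console.log(r.name, r.findings.length ? r.findings.join(", ") : "ok");
}
```
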