@nikosdouvlis nikosdouvlis commented Jan 20, 2026

Description

Why:
Safari's Intelligent Tracking Prevention (ITP) caps cookies set via fetch/XHR
to 7 days. When users switched from redirectUrl to the navigate callback pattern,
the existing ITP workaround (via /v1/client/touch endpoint) stopped working
because the touch endpoint logic only ran in the redirectUrl branch.

What changed:

  • Added decorateUrl function to the navigate callback that wraps URLs with the
    touch endpoint when Safari ITP fix is needed (client.isEligibleForTouch())
  • Updated SetActiveNavigate type signature to include decorateUrl parameter
  • Added dev-mode warning when decorateUrl is not called but ITP fix is needed
  • Updated all internal usages in SignIn, SignUp, and SessionTasks components
    to pass decorateUrl through navigateOnSetActive

Context:
The decorateUrl may return an external URL (https://...) when ITP fix is needed,
requiring window.location.href instead of client-side navigation. This pattern
is documented in the type definitions.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

Release Notes

  • New Features

    • Added URL decoration support for improved Safari session handling, addressing tracking prevention restrictions.
    • Enhanced navigation callbacks with decorateUrl parameter for URL wrapping when needed.
  • Tests

    • Added integration tests for Safari ITP behavior validation.
    • Added unit tests for URL decoration functionality.


…ack for Safari ITP fix

Why:
Safari's Intelligent Tracking Prevention (ITP) caps cookies set via fetch/XHR
to 7 days. When users switched from redirectUrl to the navigate callback pattern,
the existing ITP workaround (via /v1/client/touch endpoint) stopped working
because the touch endpoint logic only ran in the redirectUrl branch.

What changed:
- Added decorateUrl function to the navigate callback that wraps URLs with the
  touch endpoint when Safari ITP fix is needed (client.isEligibleForTouch())
- Updated SetActiveNavigate type signature to include decorateUrl parameter
- Added dev-mode warning when decorateUrl is not called but ITP fix is needed
- Updated all internal usages in SignIn, SignUp, and SessionTasks components
  to pass decorateUrl through navigateOnSetActive

Context:
The decorateUrl may return an external URL (https://...) when ITP fix is needed,
requiring window.location.href instead of client-side navigation. This pattern
is documented in the type definitions.

Why:
The Safari ITP fix (decorateUrl in setActive) was added without integration
test coverage. These tests ensure the touch endpoint navigation works correctly
when the client cookie is close to expiration.

What changed:
- Added 4 tests covering the Safari ITP workaround flow
- Tests verify touch endpoint is called when cookie expires within 8 days
- Tests verify decorateUrl behavior with mocked isEligibleForTouch
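
The navigate pattern described in the PR description, as an added example that is not code from this PR or from Clerk: the callback passes its destination through decorateUrl and does a full-page navigation only when the result leaves the app origin. The helper names, both origins, the `redirect_url` parameter, the exact callback shape and the trusted-origin check are assumptions made for this sketch.

```javascript
// Added example, not Clerk's code. Hypothetical: makeNavigate, fakeDecorateUrl,
// routerPush, assignLocation, demo, both origins, the redirect_url parameter.
const APP_ORIGIN = 'https://app.example.test';    // constructed
const FAPI_ORIGIN = 'https://clerk.example.test'; // constructed

// Stand-in for the decorateUrl the PR passes to navigate: wraps the
// destination in the touch endpoint only when the ITP fix is needed.
function fakeDecorateUrl(eligibleForTouch) {
  return (to) => {
    if (!eligibleForTouch) return to;
    const touch = new URL('/v1/client/touch', FAPI_ORIGIN);
    touch.searchParams.set('redirect_url', to); // parameter name assumed
    return touch.href;
  };
}

// Builds a navigate callback for one destination.
function makeNavigate(to, { routerPush, assignLocation, trustedOrigins }) {
  return ({ decorateUrl }) => {
    // Resolve against the app origin so relative and absolute results compare alike.
    const target = new URL(decorateUrl(to), APP_ORIGIN);
    if (target.origin === APP_ORIGIN) {
      routerPush(target.pathname + target.search + target.hash);
      return 'client';
    }
    // External result: a client-side router cannot load it. Added check
    // (assumption): only leave the app for an origin we expect.
    if (!trustedOrigins.includes(target.origin)) {
      throw new Error('refusing navigation to untrusted origin ' + target.origin);
    }
    assignLocation(target.href);
    return 'full-page';
  };
}

// Runs the callback once with recording stubs and returns what it did.
function demo(eligibleForTouch) {
  const calls = [];
  const navigate = makeNavigate('/dashboard', {
    routerPush: (u) => calls.push(['push', u]),
    assignLocation: (u) => calls.push(['assign', u]),
    trustedOrigins: [FAPI_ORIGIN],
  });
  const mode = navigate({ decorateUrl: fakeDecorateUrl(eligibleForTouch) });
  return { mode, calls };
}
console.log(demo(false), demo(true));
```

In a browser, `assignLocation` would be `(u) => { window.location.href = u; }` and `routerPush` the framework router's push function.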

changeset-bot bot commented Jan 20, 2026

⚠️ No Changeset found

Latest commit: 4ebca17

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

vercel bot commented Jan 20, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Jan 20, 2026 11:43am

coderabbitai bot commented Jan 20, 2026

Walkthrough

This pull request introduces Safari ITP (Intelligent Tracking Prevention) support by adding a decorateUrl callback to Clerk's setActive navigate flow. The changes include a new integration test suite for Safari ITP behavior, unit tests for decorateUrl functionality, core logic providing decorateUrl to the navigate callback, updated type signatures for SetActiveNavigate, and propagation of decorateUrl through UI components and context layers. The decorateUrl function wraps URLs with a touch-based workaround when eligible; contexts check if decorated URLs are external and perform full-page navigation via window.location.href when needed.

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely summarizes the main change: adding a Safari ITP decorateUrl workaround to the setActive function, which is the primary objective across all modified files. |


pkg-pr-new bot commented Jan 20, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7623

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7623

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7623

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7623

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7623

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7623

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7623

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7623

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7623

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7623

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7623

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7623

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7623

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7623

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7623

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7623

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7623

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7623

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7623

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7623

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7623

commit: 4ebca17
