Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

One time Cookie Notice #65

Open
ArchBlood opened this issue Nov 3, 2023 · 11 comments
Open

One time Cookie Notice #65

ArchBlood opened this issue Nov 3, 2023 · 11 comments
Assignees
Labels
bug Something isn't working

Comments

@ArchBlood
Copy link
Contributor

Currently when you visit a HumHub instance with cookie notice enabled you have to accept each time you visit the site.

@ArchBlood
Copy link
Contributor Author

Seems that this issue only happens on the community site;

https://community.humhub.com/dashboard

@luke-
Copy link
Collaborator

luke- commented Nov 27, 2023

Hmm, I cannot reproduce this on our community. The notice does not appear again for me.

@ArchBlood
Copy link
Contributor Author

Latest version of Chrome on Windows 11 it appears every time I visit the community site, but no other HumHub instance have I seen this happen.
Screenshot_1

It also apparently shows up every time the page is refreshed as well. 🤔

@felixhahnweilheim
Copy link
Contributor

I have the same as @ArchBlood on my phone (Android 13) with Chrome, and (Chrome-based) PWA.

@ArchBlood
Copy link
Contributor Author

I have the same as @ArchBlood on my phone (Android 13) with Chrome, and (Chrome-based) PWA.

I can confirm that the issue is also happening on Chrome mobile browser as well.

@luke- luke- added the bug Something isn't working label Nov 27, 2023
@luke-
Copy link
Collaborator

luke- commented Nov 27, 2023

@yurabakhtin Can you please take a look into it?

@yurabakhtin
Copy link
Contributor

yurabakhtin commented Nov 27, 2023

@luke- I have the same bug today when I open https://community.humhub.com in Chrome on Windows 11.

I find 2 cookie records:

cookies

If manually remove the 2 records then it works as expected, i.e. after first click "Got it!" the cookie block is hidden and doesn't appears again.
I cannot find how the record with domain .humhub.com was created there.
Locally I tried to reproduce the issue by the following steps:

  • open the same site from alias.humhub.local and from humhub.local
  • after accept cookie on the first site I see a cookie record cookieconsent_status | alias.humhub.local and cookie block is hidden
  • after accept cookie on the second site I see a cookie record cookieconsent_status | humhub.local and cookie block is hidden
  • the cookie records are visible only on own sites as expected
  • If I create a new record with data cookieconsent_status | .humhub.local on any of these sites manually then I see the cookie blocks again and they cannot be hidden by click on the accept button, they can be hidden only after deleting the record .humhub.local.

The cookie block is initialized by this JS library https://www.osano.com/cookieconsent/documentation/javascript-api/
I tried to set cookie.domain to humhub.local then cookie record is created for domain .humhub.local and the cookie block is hidden after accept button clicking and doesn't appear after page reloading.
If set cookie.domain to alias.humhub.local then cookie record is created for domain .alias.humhub.local and this solution works only for the site alias.humhub.local.
It would be good the JS library set cookie domain without adding a dot before provided domain name, because I am not sure we can allow accept cookies for all sub sites when it was accepted on root domain.

@ArchBlood
Copy link
Contributor Author

Can't we just use something like this to set the cookie domain?

// Set the cookie to a specific domain
$cookieDomain = \yii\helpers\Url::base()'; // Replace 'yourdomain.com' with your desired domain
setcookie('cookieconsent_status', 'accepted', time() + 31536000, '/', $cookieDomain, false, true);

Or something like the following?

        // Get the current site's domain
        $currentDomain = Yii::$app->request->hostInfo;

        // Set the cookie using Yii's response component
        $response = Yii::$app->response;
        $response->cookies->add(new \yii\web\Cookie([
            'name' => 'cookieconsent_status',
            'value' => 'accepted',
            'expire' => time() + 31536000,
            'path' => '/',
            'domain' => $currentDomain,
            'httpOnly' => true,
            'secure' => true, // Set to true if your site uses HTTPS
        ]));

We should be able to do this in /widgets/CookieNote.php

@ArchBlood
Copy link
Contributor Author

Another option would be the following;

<?php

namespace humhub\modules\legal\widgets;

use humhub\components\Widget;
use humhub\modules\legal\models\Page;
use Yii;
use yii\web\HttpException;

/**
 * Class CookieNote
 * @package humhub\modules\legal\widgets
 */
class CookieNote extends Widget
{
    public function run()
    {
        $page = Page::getPage(Page::PAGE_KEY_COOKIE_NOTICE);
        if ($page === null) {
            return "";
        }

        // Get the current site's domain
        $currentDomain = Yii::$app->request->hostInfo;

        // Extract the root domain to cover all subdomains and aliases
        $rootDomain = $this->getRootDomain($currentDomain);

        // Set the cookie using Yii's response component
        $response = Yii::$app->response;
        $response->cookies->add(new \yii\web\Cookie([
            'name' => 'cookieconsent_status',
            'value' => 'accepted',
            'expire' => time() + 31536000,
            'path' => '/',
            'domain' => $rootDomain,
            'httpOnly' => true,
            'secure' => true, // Set to true if your site uses HTTPS
        ]));

        return $this->render('cookies', ['page' => $page]);
    }

    // Function to extract the root domain from a given domain
    private function getRootDomain($domain)
    {
        $domainParts = explode('.', $domain);
        $partsCount = count($domainParts);
        if ($partsCount > 2) {
            // Construct the root domain for subdomains or alias domains
            $rootDomain = $domainParts[$partsCount - 2] . '.' . $domainParts[$partsCount - 1];
            return '.' . $rootDomain;
        }
        return $domain; // Return original domain if it's already a root domain
    }
}

Although I've not tested this specific method.

@yurabakhtin
Copy link
Contributor

@ArchBlood Thank you for the help, but the problem was from JS side.
@luke- Fixed in PR #66:

cookie

This fix will hides the cookie consent window on all browsers even if they still have two records for root domain and for the strange records with domain like .domain.com

I have compared the JS method getCookie from here https://github.com/osano/cookieconsent/blob/dev/src/bundle.js#L2739-L2743:

const getCookie = name => {
  const value = ' ' + document.cookie;
  const parts = value.split(' ' + name + '=');
  return parts.length < 2 ? undefined : parts.pop().split(';').shift();
};

and from the humhub file version:

getCookie: function (e) {
    var t = "; " + document.cookie,
        i = t.split("; " + e + "=");
    return 2 != i.length ? void 0 : i.pop().split(";").shift();
},

so the difference was between parts.length < 2 and 2 != i.length

My fix is a manual updating only of the code, because I tried to use new version completely from here https://github.com/osano/cookieconsent/blob/dev/build/cookieconsent.min.js and I updated the initialisation code from window.cookieconsent.initialise({ to new new window.CookieConsent({, but I don't understand why when press to accept I don't find that cookie record is created in my browser, so the cookie consent window appears again and again after page reloading.

@luke-
Copy link
Collaborator

luke- commented Nov 28, 2023

@yurabakhtin Thanks.

I'll keep this issue open, because we should find a better solution in future, instead of fixing the minifed version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants