This repository has been archived by the owner on Dec 13, 2024. It is now read-only.

Not fit for purpose #48

Open
brianteeman opened this issue Jun 11, 2022 · 0 comments
brianteeman commented Jun 11, 2022

So I spent two days working on this PR, reporting over 20 issues and submitting 15 pull requests for what I could.

What an idiot I am. I foolishly assumed that the cookie manager was usable and it just needed polishing - how wrong I was.

Now that I have found the videos for this component #8 I can now see exactly what the component does. Or to be more accurate I can see what it doesn't do. On what planet were the GSoC mentors living when they didn't see the fundamental problems?

The only thing that this cookiemanager can do is:

  1. Display a reasonably nice popup that will list the cookies you have manually found that your site is using and you have manually added to the list
  2. Store if a user accepts or rejects a category of cookies
  3. What it can not do is actually block any cookies

Then we have the scripts menu and this one is actually slightly more useful.

  1. The script is only inserted if it is in a category that you allow
  2. There is however no connection between the script and the cookies. So you can either insert a script or not. You can not block an individual cookie

Now we get to the really screwed up part that I can not believe the mentors never picked up on.
You can only control a script that is inserted by the cookie manager.
Any other way of adding the script is ignored by the cookie manager.

Let's think about that for a second. The cookie manager can do nothing at all with any existing script or any extension that adds a script.

So what does this mean for a site owner?

  1. Any script managed by the cookiemanager will be inserted without a nonce
  2. Any script managed by the cookiemanager will be inserted on every page
  3. You need to remove the script from your extension and add it to the cookie manager

Let's take a really basic example of Google Analytics.

  1. Analytics added by an existing ga plugin can not be blocked by the cookie manager
  2. Analytics added by an existing template that just asks for your gtag UA can not be blocked by the cookie manager

Now let's look at one of the examples shown in the video for inserting an iframe of a video from YouTube. This will only work if the content creator embeds the video in the article and pastes the exact same video link in the scripts section of the cookiemanager.

Not only is this duplicated work, it's also obviously totally impractical, making the feature unusable.

In summary - this code is as useful as a chocolate teapot
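An added example, not part of the issue or the project's code: a small Node.js audit that takes a rendered page and the list of script URLs entered in the cookie manager, and reports the two gaps described above (tracker scripts that reach the page without going through the manager, and managed scripts emitted without a nonce). The function names, the sample page, the tracker host list and the `UA-XXXXXXX-n` ids are all constructed for illustration.

```javascript
// Constructed sample page: script 1 was inserted by the consent tool (no nonce),
// script 2 was added by a template, script 3 is a first-party asset.
const samplePage = `
<html><head>
<script src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXX-1"></script>
<script nonce="r4nd0m" src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXX-2"></script>
<script src="/media/system/js/core.js" nonce="r4nd0m"></script>
</head><body></body></html>`;

// Parse the attribute string of one tag into a lowercase-keyed object.
function parseAttrs(raw) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const a of raw.matchAll(re)) {
    attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
  }
  return attrs;
}

// managedSrcs: URLs the site owner entered in the consent tool (assumption).
// trackerHosts: hosts the owner considers consent-relevant (assumption).
// Limitation: the tag regex assumes no '>' inside attribute values, and
// inline scripts (no src) are skipped.
function auditScripts(html, managedSrcs, trackerHosts, origin = 'https://example.test') {
  const findings = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue;
    const host = new URL(attrs.src, origin).hostname;
    const managed = managedSrcs.includes(attrs.src);
    const issues = [];
    // Loaded by a template or extension: the consent choice never applies.
    if (trackerHosts.includes(host) && !managed) issues.push('not-consent-gated');
    // Managed but nonce-less: refused under a strict nonce-only script-src CSP.
    if (managed && !attrs.nonce) issues.push('no-nonce');
    if (issues.length) findings.push({ src: attrs.src, issues });
  }
  return findings;
}

const report = auditScripts(
  samplePage,
  ['https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXX-1'],
  ['www.googletagmanager.com']
);
console.log(JSON.stringify(report, null, 2));
```
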
