-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix cookies not deleting on opt-out #5338
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Skipped Deployment
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neat! Thanks!
I'm curious, was the js-cookie
library not working for removing these if we passed the same domains?
fides Run #10468
Run Properties:
|
Project |
fides
|
Run status |
Passed #10468
|
Run duration | 00m 38s |
Commit |
3e80c67836 ℹ️: Merge dadabee99f86effa25aa50719c92266784e10a13 into 88a32f00b57b3bc29b7c638fb0d9...
|
Committer | jpople |
View all properties for this run ↗︎ |
Test results | |
---|---|
Failures |
0
|
Flaky |
0
|
Pending |
0
|
Skipped |
0
|
Passing |
4
|
Upgrade your plan to view test results. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good @jpople ! In addition to my comment below:
Could we add a test that basically asserts we do not support cookie deletion for compass cookies yet, and link to https://ethyca.atlassian.net/browse/PROD-2830 as the follow-up? E.g. when cookie domain is ["google.com", "googleadservices.com"]'
cookie removal won't work.
If that's gonna take too much time, I'd say just leave a link to the PROD ticket in the cookie removal logic 👍
clients/privacy-center/app/server-utils/loadEnvironmentVariables.ts
Outdated
Show resolved
Hide resolved
@eastandwestwind I added a test case to cover a cookie with a passed-in domain, but the tests on |
…ion to write false initial val for existing customers
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5338 +/- ##
==========================================
+ Coverage 85.56% 85.57% +0.01%
==========================================
Files 379 379
Lines 23982 23985 +3
Branches 2623 2623
==========================================
+ Hits 20520 20526 +6
+ Misses 2910 2907 -3
Partials 552 552 ☔ View full report in Codecov by Sentry. |
…cookie-deletion-bug
…cookie-deletion-bug
clients/admin-ui/src/features/privacy-experience/PrivacyExperienceForm.tsx
Show resolved
Hide resolved
fides Run #10470
Run Properties:
|
Project |
fides
|
Run status |
Passed #10470
|
Run duration | 00m 42s |
Commit |
7591e3fb38: Fix cookies not deleting on opt-out (#5338)
|
Committer | jpople |
View all properties for this run ↗︎ |
Test results | |
---|---|
Failures |
0
|
Flaky |
0
|
Pending |
0
|
Skipped |
0
|
Passing |
4
|
Upgrade your plan to view test results. |
Co-authored-by: eastandwestwind <eastandwestwind@gmail.com>
Closes PROD-2822
Associated fidesplus PR- https://github.com/ethyca/fidesplus/pull/1653
Description Of Changes
Fixes a bug where cookies were not being deleted when a user opted out due to js-cookie attempting to exactly match a provided domain even when it was
null
.Adds a new field on privacyexperienceconfig table,
auto_subdomain_cookie_deletion
; whentrue
, opting out will cause cookies from subdomains (prefixed with.
s) to be deleted as well as cookies from the top-level domain.Note that I've manually tested the migration using the following steps:
auto_subdomain_cookie_deletion
wasfalse
was
true` ✅Code Changes
auto_subdomain_cookie_deletion
to "false" for existing privacy experience configsSteps to Confirm
Test using local fides-js against a staging Ethyca site which GETs localhost:3001 for fides-js.
Run the associated Fidesplus branch (this is pointed to the
aa28ea20aeee81d4f73db25538af5413718b9ef1
fides commit since there are BE changes here)Toggle the
auto_subdomain_cookie_deletion
field on your privacy experience tofalse
:ethyca.com
, not subdomain cookies with domain of.ethyca.com
Toggle
auto_subdomain_cookie_deletion
on your privacy experience totrue
and re-run, then:Pre-Merge Checklist
CHANGELOG.md