Safari "Block all cookies" setting breaks JavaScript scripts

krzksz commented 6 years ago

Preconditions

Magento 2.2.2 but potentially all versions are affected
Block all cookies setting enabled in Safari privacy options.

Steps to reproduce

Open Safari browser and go to Preferences
In Privacy tab enable Block all cookies setting.
Open any Magento shop.

Expected result

At least the popup with "cookies disabled" message is being displayed.

Actual result

There are multiple SecurityError (DOM Exception 18): The operation is insecure. errors reported in browser's console, some of the scripts work but I can't add anything to the cart.

So it seems like having above setting enabled in Safari will result in above error every time any script is trying to access either window.localStorage or window.sessionStorage including reassigning it. As a result following lines throw errors and most probably prevent shop from functioning properly: https://github.com/magento/magento2/blob/c06da29dbf8cbbab5bb40ad690563b5554e78c60/app/code/Magento/Theme/view/frontend/templates/js/polyfill.phtml#L128 https://github.com/magento/magento2/blob/9c14af7a97bcf338662de365d2613c7ca9dbf8c6/app/code/Magento/Ui/view/base/web/js/lib/core/storage/local.js#L14

and also this part of https://github.com/magento/magento2/blob/2.2-develop/lib/web/jquery/jquery.storageapi.min.js:

    function f(e) {
        if (!window[e]) // Error thrown here
            return !1;
        var t = "jsapi";
        try {
            return window[e].setItem(t, t), window[e].removeItem(t), !0
        } catch (r) {
            return !1
        }
    }

I am not sure what would be your preferred solution to this problem but I can gladly prepare a PR when we agree on how we should solve it 👍 .

VladimirZaets commented 6 years ago

Hi @krzksz, Magento can't correctly work in the case when cookies are disabled, but I agree that we should give some notification to the user about it. I think the solution with notification in modal window is ok. We should add JS script that will check cookie state when JS application is bootstrapping, for this we can use "cookieEnabled" property in navigation object.

ishakhsuvarov commented 6 years ago

Hi @krzksz Are you still interested in preparing a PR for this case?

raulvOnestic91 commented 4 years ago

@magento i am working on it

m2-assistant[bot] commented 4 years ago

Hi @raulvOnestic91! :wave: Thank you for joining. Please accept team invitation :point_right: here :point_left: and self-assign the issue.

m2-assistant[bot] commented 4 years ago

Hi @raulvOnestic91. Thank you for working on this issue. Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:

[ ] 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.
[ ] 2. Verify that the issue is reproducible on 2.3-develop branch
Details
- Add the comment @magento give me 2.3-develop instance to deploy test instance on Magento infrastructure.
- If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
- If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!
[ ] 3. If the issue is not relevant or is not reproducible any more, feel free to close it.

Join Magento Community Engineering Slack and ask your questions in #github channel.

slavvka commented 4 years ago

Hi @krzksz. Thank you for your report. The issue has been fixed in magento/magento2#25324 by @raulvOnestic91 in 2.4-develop branch Related commit(s):

The fix will be available with the upcoming 2.4.0 release.

magento / magento2