[Bug] - Cookies used prior to consent given

microsoft / clarity

A behavioral analytics library that uses dom mutations and user interactions to generate aggregated insights.

https://clarity.microsoft.com

MIT License

2.16k stars 214 forks source link

[Bug] - Cookies used prior to consent given #567

Open mmonteiroc opened 7 months ago

mmonteiroc commented 7 months ago

Clarity version: v0.7.26

We are implementing clarity in our app, and as you can see in the following screenshots, the cookies are set before consent to clarity has given.

  const clarity = window.clarity;
  if (!!clarity) {
    clarity('consent');
  }

Now, we are aware that cookies are empty, and only filled with a value when consent is given. And erased the value when the consent is removed, but we would expect for the cookies to be erased / not used until consent is granted, instead of using them "empty"

mmonteiroc commented 7 months ago

Also mention, that when we give consent, everything works.

When we use "clarity('consent', false)", the same thing happens ( cookies remain, but with empty value )

mmonteiroc commented 7 months ago

As an add on, we just discovered that the MUID cookie is added before the consent is given.

Either this cookie should be flagged as "strictly necessary" ( so that we can comunicate this to our customers ) or it should only be added once the consent has been given

System is the same one as previously mentioned, where cookies are disabled by default, and the consent is notified like this window.clarity('consent')