search

pressidium / pressidium-cookie-consent

🍪 Lightweight, user-friendly and customizable cookie consent banner to help you comply with the EU GDPR cookie law and CCPA regulations.
https://wordpress.org/plugins/pressidium-cookie-consent/
GNU General Public License v2.0
43 stars 3 forks source link

A suggestion, a query and... a bug? #43

Closed formaciongrafica closed 7 months ago

formaciongrafica commented 7 months ago

Hello Konstantinos Let's go with the three issues :)

The suggestion... Using the plugin I have seen that it does not have options for the hover color of the primary and secondary button texts. In some cases this can generate accessibility problems due to the low contrast between the background colors and texts of the hover states of these buttons.

The query... I can't block local cookies (such as _lscache_vary and others), neither with the script URL, nor with Regex. Could you provide me with an example, beyond those provided in the screenshots? I have tried replicating the Regular Expressions, literally, and I have generated my own (with and without https, with and without www) such as ^https:\/\/www.formaciongrafica.net.* but the plugins do not block, nor are they deleted when changing the cookie options in the plugin.

A bug? When I clear the LiteSpeed cache, while editing the Pressidium options, on several occasions the Pressidium plugin is misconfigured and does not correct itself even if I force it to update.

I hope I have not been too extensive or have made an off-topic query.

Thanks again. Placido.

PS: I attach screenshots describing each case sequentially

Pressidium Screenshots.zip

formaciongrafica commented 7 months ago

Ps: The contrast problem is in order to comply with the GDPR, offering designs on both buttons so that they do not induce the user to choose one option over another.

The possible bug leads to all previous plugin configurations being lost.

Thank you!

over-engineer commented 7 months ago

Hey, @formaciongrafica!

Thank you once again for your valuable feedback!

I’ve opened a couple of issues so we can track each one separately. Make sure to turn on your notifications for:

I can't block local cookies (such as _lscache_vary and others), neither with the script URL, nor with Regex. Could you provide me with an example, beyond those provided in the screenshots? I have tried replicating the Regular Expressions, literally, and I have generated my own (with and without https, with and without www) such as ^https://www.formaciongrafica.net.* but the plugins do not block, nor are they deleted when changing the cookie options in the plugin.

Regarding the issue you’re experiencing with blocking cookies/scripts, could you please provide more information?

If possible, include your plugin settings — either through screenshots of the “Cookies” and “Blocked Scripts” tabs, or by exporting and attaching the JSON file.

formaciongrafica commented 7 months ago

Hello Konstantinos

I have tried the blocking in 3 installations, and in none of them have I been able to block the necessary cookies, so I understand that it is not a problem of incompatibility between plugins. If it helps at all, I share the list of cookies published at this url: https://www.formaciongrafica.net/politica-de-cookies/ where I left the plugin to force the blocking of the LiteSpeed plugin, with no results. Regarding the codes, I have tried several, but none of them have worked for me, so I could not share a specific one with you, using the normal url (formaciongrafica.net) and its variants, in addition to the corresponding versions with regular expressions (such as: ^https:\/\/www.formaciongrafica.net.* )

Any clue about this?

Thank you very much again Konstantinos! Placido.

formaciongrafica commented 7 months ago

PS: If you think a Zoom meeting is necessary, we would be happy to coordinate it.

over-engineer commented 7 months ago

Could you provide an example of a cookie and the script that sets it?

For example,

Cookies tab

Name Domain Expiration Path Description Is Regex?
_gid formaciongrafica.net 1 day / Google Analytics to store and count pageviews. No
_ga formaciongrafica.net 2 years / Google Analytics to store and count pageviews. No

Blocked Scripts tab

Script source Cookie Category Is Regex?
^(?:https?:)?\/\/(?:www\.)?google-analytics\.com Analytics Yes

Having a specific case would help us to investigate this.

Additionally, if possible, go to wp-admin → Cookie Consent, click the “Export Settings” button, which is located at the bottom-right corner of the settings panel. Then, attach the exported JSON file.

formaciongrafica commented 7 months ago

Hello Konstantinos

Trying to configure the plugin I managed to reproduce the bug (unintentionally).

The stage? Editing the origins of the blocked scripts I added the Graphic Training address using Regex: ^(?:https?:)?\/\/(?:www.)?formaciongrafica.net Could that be the origin of the problem? (I have attached the latest ones in this message and some screencaptures)

At this point I left the plugin disabled. If you think it is appropriate, I am at your disposal (+51 992386197) in case you need a Zoom meeting and work on the server logs or do the tests you need. I do not have the option to export the plugin configuration because, when I reinstall it, all previous values are lost.

Greetings and thanks again! Placido.

Pressidium Plugin Error.zip

over-engineer commented 7 months ago

Hey, @formaciongrafica!

Let’s take things one at a time:

Editing the origins of the blocked scripts I added the Graphic Training address using Regex: ^(?:https?:)?//(?:www.)?formaciongrafica.net

That doesn’t seem quite right for a number of reasons:

Take a look at:

I do not have the option to export the plugin configuration because, when I reinstall it, all previous values are lost.

During troubleshooting, consider deactivating the plugin instead of uninstalling it to avoid losing your configuration.

You could also periodically backup your configuration by exporting it as a JSON file.

Pressidium Plugin Error.zip

Please note that the ZIP file you’ve included doesn’t seem related to this issue (I think you’ve meant to include it in #45)

Without the previously requested information, I can’t really help you troubleshoot this any further.

formaciongrafica commented 7 months ago

Hello Konstantinos

I tried blocking only two cookies, putting three cookies in the list, Pressidium Consent as required and _lscache_vary and wpforo_browser_timezone as analytics, to test regular expressions with them.

The result is that, while the wpforo plugin is blocked, the LightSpeed Caché plugin is not blocked, I suppose due to the way this cookie is served or generated.

I haven't tried other cookies because I considered the experiment enough to suspect that the problem was occurring with lscache_vary and iframes cookies only.

I attach the json file with the plugin configuration, two screenshots, and the link to a video (my apologies for my English) where I show you the behavior achieved with the LiteSpeed Cache cookie (_lscache_vary):

https://www.loom.com/share/4ab10430610d43bc972d67b002e875e7

pressidium-cookie-consent-settings_2023-12-11_09-40-12.json

Thank you again! Plácido.

Pressidium Cookies

Pressidium Blocked Scripts

over-engineer commented 7 months ago

Hey, @formaciongrafica!

Thanks for providing all the relevant information, complete with the JSON configuration and even a screen recording — it’s incredibly helpful.

the LightSpeed Caché plugin is not blocked, I suppose due to the way this cookie is served or generated.

Yes, I can confirm that the LightSpeed Cache plugin sets the _lscache_vary cookie by sending a Set-Cookie HTTP response header. So, blocking any JavaScript file(s) won’t prevent it from setting that cookie.

We’ll look into implementing a new feature to conditionally block the sending of Set-Cookie headers. I’ve opened #49 to track that.

For reference, here’s a code snippet including the Vary::_cookie() method, which seems to be responsible for setting the _lscache_vary cookie:

private static $_vary_name = '_lscache_vary'; // this default vary cookie is used for logged in status check

// …

/**
 * Set the vary cookie.
 *
 * If vary cookie changed, must set non cacheable.
 *
 * @since 1.0.4
 * @access private
 * @param integer $val The value to update.
 * @param integer $expire Expire time.
 * @param boolean $path False if use wp root path as cookie path
 */
private function _cookie($val = false, $expire = false, $path = false)
{
    if (!$val) {
        $expire = 1;
    }

    /**
     * Add HTTPS bypass in case clients use both HTTP and HTTPS version of site
     * @since 1.7
     */
    $is_ssl = $this->conf(Base::O_UTIL_NO_HTTPS_VARY) ? false : is_ssl();

    setcookie(self::$_vary_name, $val, $expire, $path ?: COOKIEPATH, COOKIE_DOMAIN, $is_ssl, true);
}

suspect that the problem was occurring with lscache_vary and iframes cookies only.

Given that the wpforo_browser_timezone cookie was successfully blocked, I share your suspicion. So, we’ll need to handle those cases separately:

I think we’ve covered all the “sub-issues”, and we’re now tracking them into separate issues. Closing this one, but please feel free to reopen if there’s anything I overlooked.

formaciongrafica commented 7 months ago

Thanks Konstantinos!

It's a pleasure to have contributed, let's hope for new implementations soon :)

I assume that similar problems, with cookies like YouTube's "visitor_info1_live" are related to the same issue of iframes.

Greetings and a nice day for you and the team. Plácido.