wellcomecollection / wellcomecollection.org

🪟 Wellcome Collection's website and services that support it
https://wellcomecollection.org
MIT License

Content advisory consent; issues with access to images #10999

Open rcantin-w opened 1 month ago

rcantin-w commented 1 month ago

On 5th June, Emily Lansell from Collections came to us on Slack with some feedback regarding the Item viewer and the Advisory content permissions; the images weren't being served to her.

Image

We originally treated the issue as a Cookie Banner overlap (which was an issue, but not the whole thing) and worked on ensuring the Cookie Banner and the Content Advisory Modal didn't conflict with each other on trapping focus (ticket here).

She came back to the thread on 4th July to say the issue was still happening.

This is the state of the investigation:

  1. The dlcs-token-2 cookie is valid for 10 minutes. Digirati have assured us that it gets extended if the user is actively looking at the page. That's not the case when someone is transcribing what's on the page as it is not the page in focus. Question 1: Would we want the expiry time to be longer?

  2. I had a call with her where she shared her screen and can confirm that when she gets the error from the image above, her dlcs- cookie is still valid and hasn't expired.

  3. Many of these errors can be found in the console:

    • GET https://iiif.wellcomecollection.org/image/b18773205_WA_HMM_CM_Acc_49_0030.jp2/info.jsonll 400 (Bad Request) (Question 2: What is that "ll" at the end of the URL? When removed, it works. Team Slack conversation here / Digirati conversation here where they confirmed they don't know why that's there.). EDIT: Addressed in this PR.
    • GET https://iiif.wellcomecollection.org/image/b18773205_WA_HMM_CM_Acc_49_0033.jp2/full/%2C1000/0/default.jpg 401 (Unauthorized) (even if the consent cookie has not yet expired)

  4. Emily mentions the problem seems to happen less often in Incognito mode, so I had her reset her toggles for a few days to see if it helped. She had on the API toolbar one. I also noticed she had on the WC_wellcomeImagesRedirect one, but it doesn't seem to do much in our codebase.

  5. Emily mentioned it seemed to have become more of an issue since the Cookie Consent banner was added. Question 3: Could it have to do with Civic UK struggling to recognise `dlcs-` cookies in time for the IIIF request to be allowed?

rcantin-w commented 1 month ago

Question 2 addressed in this PR

rcantin-w commented 1 month ago

A ticket was created on Digirati's side after some good investigating this afternoon: See Slack thread.

As it's third-party I'll move this ticket to Blocked until we find out if we can do anything on our side.

rcantin-w commented 1 month ago

Since this has been identified as a Digirati bug and ticket, I'll move to the platform board and assign to @jcateswellcome to keep an eye on it.

jcateswellcome commented 1 month ago

ok - we can keep nudging Digirati on this. Thanks for all the work @rcantin-w on problem solving this.