TMC
Active member
- Affected version
- 2.3.7
When using XenForo's advanced cookie consent panel, rejecting optional cookies results in media embeds (such as YouTube videos) being replaced with the message:
"To view this content, we will need your consent to set third-party cookies. For more detailed information, see our cookies page."
However, a problem arises when users reply to a thread. Upon posting a reply, the embedded media content is immediately loaded and displayed, even though the user has previously rejected the consent to set third-party cookies. This causes the media to load without the required cookie consent, bypassing the intended functionality of the consent system.
Expected Behavior:
The media should remain hidden, and the user should not be able to view or load the content until they provide consent for third-party cookies. Replying to a thread should not bypass this mechanism.
Attached is a screen recording of it happening on a completely fresh XF 2.3.7.
View attachment embed.mp4
"To view this content, we will need your consent to set third-party cookies. For more detailed information, see our cookies page."
However, a problem arises when users reply to a thread. Upon posting a reply, the embedded media content is immediately loaded and displayed, even though the user has previously rejected the consent to set third-party cookies. This causes the media to load without the required cookie consent, bypassing the intended functionality of the consent system.
Expected Behavior:
The media should remain hidden, and the user should not be able to view or load the content until they provide consent for third-party cookies. Replying to a thread should not bypass this mechanism.
Attached is a screen recording of it happening on a completely fresh XF 2.3.7.
View attachment embed.mp4
