XF 2.2 How to internally disable non-needed cookies?

Ivar Hill

Ivar Hill

Member
I am running a community which has no use for the xf_emoji_usage and xf_from_search cookies. Although they do not cause any functional issues, I would much prefer if they were not used at all since I want to keep cookies to strictly essential ones only. Is there a way I can set up my internal XenForo configuration so that these are not called or used whatsoever?
 
Sort by date Sort by votes
Bumping this thread as I have the same need.

Particularly I want to turn off xf_emoji_usage. I believe this is triggering a ModSecurity rule on my server (false positive for XSS injection). Instead of turning off the Mod Security rule I'd much rather disable emoji use tracking.
 
Upvote 0 Downvote
Of course, there is no documented way of disabling the xf_emoji_usage cookie and the following has not been tested for side effects, however I have tracked the locations of where this cookie is set, so you can attempt removing this code from these files.

Note: You will probably get file check file content warnings in your admin control panel following this, in that case you will need to find the SHA256 hashes of the files you edited and update them in src/addons/XF/hashes.json. 7-zip archiver is an easy program and windows staple where you can right click a file and generate the hash.

Good luck!

Instructions created for XF 2.2.13

js/xf/core.js Line 3001 Remove:

Code: 
XF.Cookie.set(
   'emoji_usage',
   recent.join(','),
   new Date(new Date().setFullYear(new Date().getFullYear() + 1))
);

js/xf/core.min.js Search for and remove: XF.Cookie.set("emoji_usage",c.join(","),new Date((new Date).setFullYear((new Date).getFullYear()+1)));

js/xf/core-compiled.js Search for and remove XF.Cookie.set("emoji_usage",c.join(","),new Date((new Date).setFullYear((new Date).getFullYear()+1)));


In case anyone wants to learn how to do this, what I did is I downloaded the source code for my forum, then used find in files the cookie name. The important trick here is you need to discard the xf_ prefix in the cookie. XenForo sets that separately so you have to search for the cookie without this prefix, eg search for emoji_usage. If you don't have a program for searching in files in a directory, you can download and use Notepad++ for this.

Alternatively instead of removing code you can comment it out eg, replacing XF.Cookie.set("emoji_usage",c.join(","),new Date((new Date).setFullYear((new Date).getFullYear()+1))); with /* self note remove xf_emoji_usage XF.Cookie.set("emoji_usage",c.join(","),new Date((new Date).setFullYear((new Date).getFullYear()+1))); */

and

Code: 
/* self note remove xf_emoji_usage
XF.Cookie.set(
   'emoji_usage',
   recent.join(','),
   new Date(new Date().setFullYear(new Date().getFullYear() + 1))
);
*/

So you can undo your changes more easily, if you are making multiple modifications to your files for other purposes too.
 
Last edited:
Upvote 0 Downvote
You must log in or register to reply here.
Top Bottom