Affected version
2.2.12
Steps to reproduce
- Enable advanced cookie consent
- View a frontend page with a fresh browser
- Configure consent to not allow optional cookies
- Create an ad on position Container header with the following code:

    <xf:if> XF.Cookie.set('from_search', 'unconsented-cookie-value'); </xf:if>

- View another frontend page
- Check cookies
Expected Result
No cookie xf_from_search is present
Actual Result
Cookie xf_from_search is present and has value unconsented-cookie-value
Suggested Fix
Cookie consent control should be mandatory on both client and server (for every cookie that is set/read via XF framework methods), not an Opt-In (for 3rd party code).
To keep backwards compatibility it might make sense to add an option to still allow unclassified cookies.
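
The suggested fix, sketched as an added example (not XenForo's code and not part of the original post): a deny-by-default cookie wrapper in which every write and read is checked against a consent registry, with a switch that still allows unclassified cookies. The class, its options, the group names and the classification of `from_search` as optional are all hypothetical.

```javascript
// Added illustration, not XenForo code; every name here is hypothetical.
// Deny-by-default jar: a cookie is written or read only when it is
// classified into a consent group and that group is currently allowed.
class ConsentGatedCookies {
  constructor({ registry, consented, allowUnclassified = false, prefix = 'xf_' }) {
    this.registry = new Map(Object.entries(registry)); // cookie name -> group
    this.consented = new Set(consented);       // groups the visitor accepted
    this.allowUnclassified = allowUnclassified; // backwards-compat switch
    this.prefix = prefix;
    this.store = new Map();  // stands in for document.cookie / Set-Cookie
    this.blocked = [];       // audit trail of refused writes
  }

  // Returns why access is refused, or null when it is allowed.
  denyReason(name) {
    if (!this.registry.has(name)) {
      return this.allowUnclassified ? null : 'unclassified';
    }
    const group = this.registry.get(name);
    if (group === 'required' || this.consented.has(group)) return null;
    return `no consent for group "${group}"`;
  }

  set(name, value) {
    const reason = this.denyReason(name);
    if (reason !== null) {
      this.blocked.push({ name, reason });
      return false;
    }
    this.store.set(this.prefix + name, String(value));
    return true;
  }

  // Reads are gated too, so a cookie left over from before consent
  // was withdrawn is not consumed.
  get(name) {
    if (this.denyReason(name) !== null) return null;
    return this.store.get(this.prefix + name) ?? null;
  }
}

// Constructed scenario: the visitor rejected optional cookies.
function demo() {
  const registry = { session: 'required', from_search: 'optional' }; // assumed groups
  const jar = new ConsentGatedCookies({ registry, consented: [] });
  const results = ['session', 'from_search', 'third_party_flag'].map(n => jar.set(n, 'v'));
  return { results, stored: [...jar.store.keys()], blocked: jar.blocked.map(b => b.name) };
}
```

The same check would have to run in the server-side cookie path as well, since the report asks for enforcement on both client and server.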