opentype Posted August 18, 2023 Posted August 18, 2023 I had a user report and can replicate this easily. I appears at least with the combination of Firefox (mobile and desktop) and Cloudflare with guest caching. Visit site without stored cookies Cookie bar appears Click Accept or Reject Site shows an error (2S119/1) and URL changes to mysite.com/cookies/?do=cookieConsent I guess it has something to do with the CSFR key being cached and used for multiple users, but I have no idea how to fix this without turning off guest caching altogether. Remzi68 1
Marc Posted August 18, 2023 Posted August 18, 2023 It would probably be a question for cloudflare that one. If its caching things we need it not to, they would at least have to not using caching on that URL
Stuart Silvester Posted August 18, 2023 Posted August 18, 2023 We've got an open bug report for this, it will be addressed in a future release. Marc, opentype, Adlago and 1 other 4
Daddy Posted September 20, 2023 Posted September 20, 2023 Any traction on this? Not having guest caching is a huge problem.
opentype Posted September 20, 2023 Author Posted September 20, 2023 I still see the same behaviour in 4.7.13.
Daddy Posted September 20, 2023 Posted September 20, 2023 Alright, so I cleared cache + redis cache + cloudflare cache, and it seems to be working now on Edge and Chrome. I haven't tested Firefox.
Marc Posted September 20, 2023 Posted September 20, 2023 1 hour ago, opentype said: I still see the same behaviour in 4.7.13. Have you tried the below? 37 minutes ago, Daddy said: Alright, so I cleared cache + redis cache + cloudflare cache, and it seems to be working now on Edge and Chrome. I haven't tested Firefox.
opentype Posted September 20, 2023 Author Posted September 20, 2023 Yes. My Cloudflare cache rules look like this: (not http.cookie contains "ips4_member_id" and not http.request.uri contains "journal" and not http.request.uri contains "store" and not http.request.uri contains "weekly/?rss" and not http.request.uri contains "rss/" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "admin" and not http.request.uri contains "modcp" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms")
Marc Posted September 20, 2023 Posted September 20, 2023 Unfortunately this can only really be an issue with your cloudflare rules. The issue that was previously present can no longer be replicated
Daddy Posted September 20, 2023 Posted September 20, 2023 (edited) 5 hours ago, opentype said: Yes. My Cloudflare cache rules look like this: (not http.cookie contains "ips4_member_id" and not http.request.uri contains "journal" and not http.request.uri contains "store" and not http.request.uri contains "weekly/?rss" and not http.request.uri contains "rss/" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "admin" and not http.request.uri contains "modcp" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms") Here's mine for reference: (not http.cookie contains "ips4_member_id" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "app" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms") Edited September 20, 2023 by Daddy
Stuart Silvester Posted September 20, 2023 Posted September 20, 2023 It would be worth checking that the 'guestTermsBar' template isn't modified in your theme. We changed the buttons into a form, so it sends a POST when either are clicked. It works in exactly the same way as any other form does for guests, fetches the appropriate CSRF key on submission.
opentype Posted September 20, 2023 Author Posted September 20, 2023 Those templates are fine. I can change the cache rules to exclude all /index.php URLs. That saves the cookies. But I actually found another issue that happens independent of the browser and Cloudflare: When the cookies are accepted on the homepage, it doesn’t forward to the original page but stays at an empty page. I tested it on all my sites and it consistently happens on the ones who have the Discover Feeds as the homepage. The browser URL looks like this and stays on this page: …index.php?app=core&module=system&controller=cookies&do=cookieConsentToggle&ref=aHR0cHM6Ly9zaW5nLnNhbG9u&csrfKey=1303e7ac90e8001c72… It doesn’t happen on my sites that have the Forums or Pages as the homepage. It also doesn’t happen for a specific subfeed like /discover/6, but only if I am on /. You can test this easily on my sites with the .guru and .salon domains. I keep Cloudlare page rules off for the time being.
Recommended Posts