opentype Posted August 18, 2023 Share Posted August 18, 2023 I had a user report and can replicate this easily. I appears at least with the combination of Firefox (mobile and desktop) and Cloudflare with guest caching. Visit site without stored cookies Cookie bar appears Click Accept or Reject Site shows an error (2S119/1) and URL changes to mysite.com/cookies/?do=cookieConsent I guess it has something to do with the CSFR key being cached and used for multiple users, but I have no idea how to fix this without turning off guest caching altogether. Remzi68 1 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted August 18, 2023 Share Posted August 18, 2023 It would probably be a question for cloudflare that one. If its caching things we need it not to, they would at least have to not using caching on that URL Link to comment Share on other sites More sharing options...
Stuart Silvester Posted August 18, 2023 Share Posted August 18, 2023 We've got an open bug report for this, it will be addressed in a future release. Marc Stridgen, DawPi, Adlago and 1 other 4 Link to comment Share on other sites More sharing options...
Daddy Posted September 20, 2023 Share Posted September 20, 2023 Any traction on this? Not having guest caching is a huge problem. Link to comment Share on other sites More sharing options...
Daniel F Posted September 20, 2023 Share Posted September 20, 2023 This was addressed in 4.7.13 Link to comment Share on other sites More sharing options...
opentype Posted September 20, 2023 Author Share Posted September 20, 2023 I still see the same behaviour in 4.7.13. Link to comment Share on other sites More sharing options...
Daddy Posted September 20, 2023 Share Posted September 20, 2023 Alright, so I cleared cache + redis cache + cloudflare cache, and it seems to be working now on Edge and Chrome. I haven't tested Firefox. Link to comment Share on other sites More sharing options...
Marc Stridgen Posted September 20, 2023 Share Posted September 20, 2023 1 hour ago, opentype said: I still see the same behaviour in 4.7.13. Have you tried the below? 37 minutes ago, Daddy said: Alright, so I cleared cache + redis cache + cloudflare cache, and it seems to be working now on Edge and Chrome. I haven't tested Firefox. Link to comment Share on other sites More sharing options...
opentype Posted September 20, 2023 Author Share Posted September 20, 2023 Yes. My Cloudflare cache rules look like this: (not http.cookie contains "ips4_member_id" and not http.request.uri contains "journal" and not http.request.uri contains "store" and not http.request.uri contains "weekly/?rss" and not http.request.uri contains "rss/" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "admin" and not http.request.uri contains "modcp" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms") Link to comment Share on other sites More sharing options...
Marc Stridgen Posted September 20, 2023 Share Posted September 20, 2023 Unfortunately this can only really be an issue with your cloudflare rules. The issue that was previously present can no longer be replicated Link to comment Share on other sites More sharing options...
Daddy Posted September 20, 2023 Share Posted September 20, 2023 (edited) 5 hours ago, opentype said: Yes. My Cloudflare cache rules look like this: (not http.cookie contains "ips4_member_id" and not http.request.uri contains "journal" and not http.request.uri contains "store" and not http.request.uri contains "weekly/?rss" and not http.request.uri contains "rss/" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "admin" and not http.request.uri contains "modcp" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms") Here's mine for reference: (not http.cookie contains "ips4_member_id" and not http.request.uri contains "login" and not http.request.uri contains "register" and not http.request.uri contains "app" and not http.request.uri contains "contact" and not http.cookie contains "ips4_IPSSessionAdmin" and not http.request.uri contains "terms") Edited September 20, 2023 by Daddy Link to comment Share on other sites More sharing options...
Stuart Silvester Posted September 20, 2023 Share Posted September 20, 2023 It would be worth checking that the 'guestTermsBar' template isn't modified in your theme. We changed the buttons into a form, so it sends a POST when either are clicked. It works in exactly the same way as any other form does for guests, fetches the appropriate CSRF key on submission. Link to comment Share on other sites More sharing options...
opentype Posted September 20, 2023 Author Share Posted September 20, 2023 Those templates are fine. I can change the cache rules to exclude all /index.php URLs. That saves the cookies. But I actually found another issue that happens independent of the browser and Cloudflare: When the cookies are accepted on the homepage, it doesn’t forward to the original page but stays at an empty page. I tested it on all my sites and it consistently happens on the ones who have the Discover Feeds as the homepage. The browser URL looks like this and stays on this page: …index.php?app=core&module=system&controller=cookies&do=cookieConsentToggle&ref=aHR0cHM6Ly9zaW5nLnNhbG9u&csrfKey=1303e7ac90e8001c72… It doesn’t happen on my sites that have the Forums or Pages as the homepage. It also doesn’t happen for a specific subfeed like /discover/6, but only if I am on /. You can test this easily on my sites with the .guru and .salon domains. I keep Cloudlare page rules off for the time being. Link to comment Share on other sites More sharing options...
Recommended Posts