Skip to content

Fix issue where required cookies are removed by orejime#4174

Merged
tdonohue merged 1 commit intoDSpace:mainfrom
atmire:fix-orejime-required-cookies
Apr 11, 2025
Merged

Fix issue where required cookies are removed by orejime#4174
tdonohue merged 1 commit intoDSpace:mainfrom
atmire:fix-orejime-required-cookies

Conversation

@artlowel
Copy link
Copy Markdown
Member

@artlowel artlowel commented Apr 11, 2025
edited by tdonohue
Loading

References

Description

This issue was caused by some unintuitive behavior of the orejime cookie popup. If apps are required, their cookies are still automatically deleted before the user has clicked "accept" or "decline" in the popup. And in the case where you don't have optional cookies that popup is never shown, so as a result all required cookies keep being deleted every time you refresh the page.

The solution was to set optOut: true for all required apps. This means that the cookies will be assumed to be allowed unless the user turns them off. Since they're required as well, the user can't turn them off. You'd expect optOut to be implied by the required option. But it seems like it isn't.

Instructions for Reviewers

  • Ensure changes to the language are persisted after you reload the page manually.
  • Test this both with, and without optional cookies. E.g. you can add a bogus google analytics key to your backend config, to have an optional cookie
  • If you have no optional cookies you shouldn't see the popup at all
  • if have have optional cookies the language should persist after a reload both before and after you've accepted or declined the popup

Checklist

  • My PR is created against the main branch of code (unless it is a backport or is fixing an issue specific to an older branch).
  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes ESLint validation using npm run lint
  • My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • My PR aligns with Accessibility guidelines if it makes changes to the user interface.
  • My PR uses i18n (internationalization) keys instead of hardcoded English text, to allow for translations.
  • My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
  • If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
  • If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
  • If my PR fixes an issue ticket, I've linked them together.

@artlowel artlowel added bug i18n / l10n Internationalisation and localisation, related to message catalogs high priority testathon Reported by a tester during Community Testathon labels Apr 11, 2025
@artlowel artlowel self-assigned this Apr 11, 2025
@artlowel artlowel moved this to 🙋 Needs Reviewers Assigned in DSpace 9.0 Release Apr 11, 2025
@artlowel artlowel added this to the 9.0 milestone Apr 11, 2025
@tdonohue
Copy link
Copy Markdown
Member

tdonohue commented Apr 11, 2025

Thanks @artlowel ! I'm going to review this today. Based on the description though, this might also fix #3963 . I'll check that too when I test this.

@tdonohue tdonohue self-requested a review April 11, 2025 16:04
@tdonohue tdonohue added the 1 APPROVAL pull request only requires a single approval to merge label Apr 11, 2025
tdonohue
tdonohue approved these changes Apr 11, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks @artlowel ! I've tested this today and verified it fixes both #4133 and also #3963 (which seems to have had the same underlying cause, but for the authentication cookie). Neither of these can be reproduced with this PR installed.

Glad you discovered this was simply a misconfiguration of Orejime.

@github-project-automation github-project-automation bot moved this from 🙋 Needs Reviewers Assigned to 👍 Reviewer Approved in DSpace 9.0 Release Apr 11, 2025
@tdonohue tdonohue mentioned this pull request Apr 11, 2025
Closed
@tdonohue tdonohue merged commit 956ed42 into DSpace:main Apr 11, 2025
15 checks passed
@github-project-automation github-project-automation bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace 9.0 Release Apr 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdonohue tdonohue tdonohue approved these changes

Assignees

@artlowel artlowel

Labels

1 APPROVAL pull request only requires a single approval to merge bug high priority i18n / l10n Internationalisation and localisation, related to message catalogs testathon Reported by a tester during Community Testathon

Projects

No open projects
DSpace 9.0 Release
Status: ✅ Done

Milestone

9.0

Development

Successfully merging this pull request may close these issues.

Language selection is not retained after page refresh Logout on browser reload (dsAuthInfo cookie is lost)

2 participants

@artlowel @tdonohue