Fix invalid behavior of invitations in case of blocked cookies

2025-10-31 18:41:10 +03:00 · 2021-08-27 03:24:06 +03:00 · 2021-08-27 03:24:06 +03:00 · 81e2e345a7
commit 81e2e345a7
parent ce5071c3e3
2 changed files with 49 additions and 1 deletions
--- a/src/mibew/js/source/widget.js
+++ b/src/mibew/js/source/widget.js
@ -78,6 +78,12 @@ var Mibew = Mibew || {};
         */
        this.visitorCookieName = options.visitorCookieName;

+        /**
+         * Name of tracking cookie
+         * @type String
+         */
+        this.cookiesBlocked = false;
+
        /**
         * URL of file with additional CSS rules for invitation
         * @type String
@ -112,7 +118,14 @@ var Mibew = Mibew || {};
        // Prepare GET params list
        this.dataToSend.entry = escape(document.referrer),
        this.dataToSend.locale = this.locale;
+        // Random value should be set both as a GET param and as a cookie,
+        // so it will be possible to find out whether cookies are blocked
+        // Also it will prevent response from being cached at any level
        this.dataToSend.rnd = Math.random();
+        Mibew.Utils.createCookie(
+            'mibewRndValue',
+            this.dataToSend.rnd
+        );
        if (userId !== false) {
            this.dataToSend.user_id = userId;
        } else {
@ -330,6 +343,12 @@ var Mibew = Mibew || {};
     *  - 'acceptCaption': String, caption for accept button.
     */
    Mibew.Invitation.create = function (options) {
+
+        // Cookies are blocked, invitation will behave badly
+        if (Mibew.Objects.widget.cookiesBlocked) {
+            return;
+        }
+
        var operatorName = options.operatorName;
        var avatarUrl = options.avatarUrl;
        var threadUrl = options.threadUrl;
@ -481,6 +500,14 @@ var Mibew = Mibew || {};
     */
    Mibew.APIFunctions = {};

+    /**
+     * Update cookies status. API function
+     * @param {Object} response Data object from server
+     */
+    Mibew.APIFunctions.updateCookiesBlockStatus = function(response) {
+        Mibew.Objects.widget.cookiesBlocked = response.cookiesBlocked;
+    };
+
    /**
     * Update user id. API function
     * @param {Object} response Data object from server
--- a/src/mibew/libs/classes/Mibew/Controller/WidgetController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/WidgetController.php
@ -51,10 +51,31 @@ class WidgetController extends AbstractController
            'data' => array(),
        );

+        // Check whether third parties cookies are blocked
+        // It will be impossible to chat if they are
+        $cookies_blocked = false;
+        $rnd_value1 = $request->query->get('rnd', false);
+        if ($request->cookies->has('mibewRndValue')) {
+            $rnd_value2 = $request->cookies->get('mibewRndValue');
+            if ($rnd_value1 !== $rnd_value2) {
+                $cookies_blocked = true;
+            }
+        }
+        else {
+            $cookies_blocked = true;
+        }
+
+        // Update status on blocked cookie
+        $response_data['handlers'][] = 'updateCookiesBlockStatus';
+        $response_data['dependencies']['updateCookiesBlockStatus'] = array();
+        $response_data['data']['cookiesBlocked'] = $cookies_blocked;
+
        $tracking_allowed = (Settings::get('enabletracking') == '1')
-            && (Settings::get('trackoperators') == '1' || !$this->getOperator());
+            && (Settings::get('trackoperators') == '1' || !$this->getOperator())
+            && !$cookies_blocked;

        if ($tracking_allowed) {
+
            $entry = $request->query->get('entry', '');
            $referer = $request->server->get('HTTP_REFERER', '');
            $user_id = $request->query->get('user_id', false);