From 81e2e345a7da458441558834bc61d63304528e8f Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Fri, 27 Aug 2021 03:24:06 +0300 Subject: [PATCH] Fix invalid behavior of invitations in case of blocked cookies --- src/mibew/js/source/widget.js | 27 +++++++++++++++++++ .../Mibew/Controller/WidgetController.php | 23 +++++++++++++++- 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/src/mibew/js/source/widget.js b/src/mibew/js/source/widget.js index 89e8d2b3..32733d39 100644 --- a/src/mibew/js/source/widget.js +++ b/src/mibew/js/source/widget.js @@ -78,6 +78,12 @@ var Mibew = Mibew || {}; */ this.visitorCookieName = options.visitorCookieName; + /** + * Name of tracking cookie + * @type String + */ + this.cookiesBlocked = false; + /** * URL of file with additional CSS rules for invitation * @type String @@ -112,7 +118,14 @@ var Mibew = Mibew || {}; // Prepare GET params list this.dataToSend.entry = escape(document.referrer), this.dataToSend.locale = this.locale; + // Random value should be set both as a GET param and as a cookie, + // so it will be possible to find out whether cookies are blocked + // Also it will prevent response from being cached at any level this.dataToSend.rnd = Math.random(); + Mibew.Utils.createCookie( + 'mibewRndValue', + this.dataToSend.rnd + ); if (userId !== false) { this.dataToSend.user_id = userId; } else { @@ -330,6 +343,12 @@ var Mibew = Mibew || {}; * - 'acceptCaption': String, caption for accept button. */ Mibew.Invitation.create = function (options) { + + // Cookies are blocked, invitation will behave badly + if (Mibew.Objects.widget.cookiesBlocked) { + return; + } + var operatorName = options.operatorName; var avatarUrl = options.avatarUrl; var threadUrl = options.threadUrl; @@ -481,6 +500,14 @@ var Mibew = Mibew || {}; */ Mibew.APIFunctions = {}; + /** + * Update cookies status. API function + * @param {Object} response Data object from server + */ + Mibew.APIFunctions.updateCookiesBlockStatus = function(response) { + Mibew.Objects.widget.cookiesBlocked = response.cookiesBlocked; + }; + /** * Update user id. API function * @param {Object} response Data object from server diff --git a/src/mibew/libs/classes/Mibew/Controller/WidgetController.php b/src/mibew/libs/classes/Mibew/Controller/WidgetController.php index a77ab5bb..f560286b 100644 --- a/src/mibew/libs/classes/Mibew/Controller/WidgetController.php +++ b/src/mibew/libs/classes/Mibew/Controller/WidgetController.php @@ -51,10 +51,31 @@ class WidgetController extends AbstractController 'data' => array(), ); + // Check whether third parties cookies are blocked + // It will be impossible to chat if they are + $cookies_blocked = false; + $rnd_value1 = $request->query->get('rnd', false); + if ($request->cookies->has('mibewRndValue')) { + $rnd_value2 = $request->cookies->get('mibewRndValue'); + if ($rnd_value1 !== $rnd_value2) { + $cookies_blocked = true; + } + } + else { + $cookies_blocked = true; + } + + // Update status on blocked cookie + $response_data['handlers'][] = 'updateCookiesBlockStatus'; + $response_data['dependencies']['updateCookiesBlockStatus'] = array(); + $response_data['data']['cookiesBlocked'] = $cookies_blocked; + $tracking_allowed = (Settings::get('enabletracking') == '1') - && (Settings::get('trackoperators') == '1' || !$this->getOperator()); + && (Settings::get('trackoperators') == '1' || !$this->getOperator()) + && !$cookies_blocked; if ($tracking_allowed) { + $entry = $request->query->get('entry', ''); $referer = $request->server->get('HTTP_REFERER', ''); $user_id = $request->query->get('user_id', false);