mozilla / cookie-banner-rules-list

Rules List for how Firefox's Automated Cookie Banner Preference Manager is to interact with banners on a site by site basis

License: Mozilla Public License 2.0

Dockerfile 2.81% Python 55.44% JavaScript 41.76%

cookie-banner-rules-list's Introduction

Cookie Banner Rule List

Rules List for Firefox's automated cookie banner handling feature.

Important

We are currently not accepting PRs adding more global / CMP rules (empty domain field) until we have concluded our performance testing. Contributing new or fixing existing site-specific rules is still encouraged!

How to Add or Update Rules

Test Rules

You can test rules locally in Firefox before adding them to the repository with the cookiebanners.listService.testRules pref. It accepts a JSON array of rules. Test rules will take precedence over rules from the global list.

Since the feature is still in development, please use the latest version of Firefox Nightly for testing. You need to set the following prefs to enable the feature:

  • cookiebanners.service.mode = 1 (reject all) or 2 (reject all or fall back to accept all).
  • cookiebanners.bannerClicking.enabled = true - Enables the clicking feature.
  • cookiebanners.cookieInjector.enabled = true - Enables the cookie injection feature.

Submit Rules

Once you have confirmed that your updated / added rules work in Nightly, you can add them to the rules file cookie-banner-rules-list.json so they can be deployed to all Firefox clients.

When adding rules to the array in the file, make sure that you don't add duplicate rules or rules with invalid JSON. Each rule needs to have a unique id field containing a UUID. You can generate one in your terminal with uuidgen.

See CookieBannerRuleList.schema.json and CookieBannerRule.schema.json for the exact rule format required.

Before submitting, run the following commands to ensure the rule list is well formatted and valid:

Install dependencies:

npm install

Run tests:

npm test

You can correct any prettier formatting issues automatically with

npm run prettier

To submit your rule list change please create a pull request. Include the list of affected domains in the description.

Example Rule

Here is an example rule that both defines cookies to set and a cookie banner to click on:

{
  "domains": ["example.com", "example.org"],
  "click": {
    "hide": "#bannerParent",
    "optIn": "#accept-btn",
    "optOut": "#reject-btn",
    "presence": ".cookie-banner"
  },
  "cookies": {
    "optOut": [
      {
        "name": "cookieBannerConsent",
        "value": "0"
      }
    ]
  },
  "id": "706cca25-cea5-49e8-9179-ff3f55c9c1d3"
}

Not all fields are mandatory. See CookieBannerRule.schema.json for details.

If a rule defines both click rules and cookies the implementation will first try to set cookies and only attempt to handle the banner if it still shows up.

Deployment

The rs-publish.py script from this repo publishes the latest cookie-banner-rules-list.json and updates the associated collection in RemoteSettings:

When the script runs, the logs it emits to stdout indicate whether the collection was updated and, if so, provide a short summary of the modifications. The script then asks for a data review of those changes (unless ENVIRONMENT is set to dev, in which case changes are automatically published).

cookie-banner-rules-list's People

Contributors

abhishekmadan30, ahoneiser, alesar1, artines1, arxo, cadeyrn, cboozar, dependabot[bot], elsensee, greg-21, jaredhirsch, leplatrem, metametapod, ran-sama, reinerh, saschanaz, scharmach, softvision-patriciupop, softvision-valentinbandac, trikolon, vinnl

cookie-banner-rules-list's Issues

More schema validation?

I was poking at the schema validation and we might be able to make it a bit more strict.
I broke your ./cookie-banner-rules-list.json file by adding typos to almost every field (except domain and id, both of which seem to be required).

    {
      "clik": {
        "otIn": "button.btn-accept",
        "ptOut": "button.btn-reject",
        "resence": "div#cookie-disclosure"
      },
      "domain": "netflix.com",
      "schem": 1661164945628,
      "cookes": {},
      "id": "6037802d-9a37-4df2-bf35-9ad60c478725",
      "last_moified": 1661164976796
    },

The validator seems to say that the file is still valid, and presumably all the typo fields are ignored.

I was able to get some errors throwing if I copy the schema locally, and add additionalProperties: false to the schema:

  "properties": {
    "data": {
      "type": "array",
      "items": 
      {
        "type": "object",
        "additionalProperties": false,
        "title": "Cookie Banner Rule",

… but now it seems to complain about unknown schema and last_modified properties. Quick fix:

          "schema": {
            "type": "number"
          },
          "last_modified": {
            "type": "number"
          },

Behold:

npm run validate

> [email protected] validate
> node test/validateRules.js

Rule list validation error [
  {
    instancePath: '/data/35',
    schemaPath: '#/properties/data/items/additionalProperties',
    keyword: 'additionalProperties',
    params: { additionalProperty: 'clik' },
    message: 'must NOT have additional properties'
  }
]

And we can slightly tweak that to return ALL errors, versus bailing on the first error by adding allErrors: true to our config:

const ajv = new Ajv({ loadSchema, allErrors: true });

And now it should report all-ish errors:

npm run validate

> [email protected] validate
> node test/validateRules.js

Rule list validation error [
  {
    instancePath: '/data/35',
    schemaPath: '#/properties/data/items/additionalProperties',
    keyword: 'additionalProperties',
    params: { additionalProperty: 'clik' },
    message: 'must NOT have additional properties'
  },
  {
    instancePath: '/data/35',
    schemaPath: '#/properties/data/items/additionalProperties',
    keyword: 'additionalProperties',
    params: { additionalProperty: 'schem' },
    message: 'must NOT have additional properties'
  },
  {
    instancePath: '/data/35',
    schemaPath: '#/properties/data/items/additionalProperties',
    keyword: 'additionalProperties',
    params: { additionalProperty: 'cookes' },
    message: 'must NOT have additional properties'
  },
  {
    instancePath: '/data/35',
    schemaPath: '#/properties/data/items/additionalProperties',
    keyword: 'additionalProperties',
    params: { additionalProperty: 'last_moified' },
    message: 'must NOT have additional properties'
  }
]

Still probably room for more improvements w/ nested properties. But I think it's probably worth adjusting our schema to be a bit stricter to catch typos.
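The strictness discussed in this issue, together with the README's requirement of a unique UUID id per rule, as an added example that is not part of the original issue or the project's test suite: a dependency-free check that rejects unknown keys at the top level and inside the nested click and cookies objects, and reports all findings at once. The allowed-key lists are assumptions drawn from the README example rule and the fields named in the issue; lintRules, unknownKeys and SAMPLE_RULES are hypothetical names.

```javascript
// Keys allowed at each level, taken from the README example rule plus the
// schema/last_modified fields from the issue. "domain" (issue spelling) and
// cookies.optIn are assumptions; the real schema files are authoritative.
const ALLOWED = {
  rule: ["id", "domain", "domains", "click", "cookies", "schema", "last_modified"],
  click: ["hide", "optIn", "optOut", "presence"],
  cookies: ["optIn", "optOut"],
};
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Same effect as additionalProperties: false at one level of the rule.
function unknownKeys(obj, level, path) {
  return Object.keys(obj || {})
    .filter((key) => !ALLOWED[level].includes(key))
    .map((key) => ({ path, keyword: "additionalProperties", key }));
}

// Collects every problem (like allErrors: true) instead of stopping at the first.
function lintRules(rules) {
  const errors = [];
  const seenIds = new Set();
  rules.forEach((rule, i) => {
    const path = `/data/${i}`;
    errors.push(...unknownKeys(rule, "rule", path));
    errors.push(...unknownKeys(rule.click, "click", `${path}/click`));
    errors.push(...unknownKeys(rule.cookies, "cookies", `${path}/cookies`));
    const id = typeof rule.id === "string" ? rule.id.toLowerCase() : "";
    if (!UUID_RE.test(id)) {
      errors.push({ path: `${path}/id`, keyword: "format", key: "id" });
    } else if (seenIds.has(id)) {
      errors.push({ path: `${path}/id`, keyword: "duplicateId", key: "id" });
    }
    seenIds.add(id);
  });
  return errors;
}

// Constructed sample: the README rule shape, then a rule with a top-level typo,
// a nested typo inside "click", and a reused id.
const SAMPLE_RULES = [
  { id: "706cca25-cea5-49e8-9179-ff3f55c9c1d3", domains: ["example.com"],
    click: { optOut: "#reject-btn", presence: ".cookie-banner" },
    cookies: { optOut: [{ name: "cookieBannerConsent", value: "0" }] } },
  { id: "706cca25-cea5-49e8-9179-ff3f55c9c1d3", domain: "example.org", schem: 1,
    click: { optIn: "#accept-btn", ptOut: "#reject-btn", presence: ".banner" } },
];

console.log(lintRules(SAMPLE_RULES));
```

A misspelled optOut selector that is silently ignored leaves a rule with only an optIn action, so catching nested typos before the list is published matters as much as catching top-level ones.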

flickr rule hides the wrong element

The flickr rule hides the cookie banner element (.truste_box_overlay_inner), but not the translucent dark overlay that sits beneath the cookie banner (.truste_overlay), so that the site looks odd.

With banner auto-hidden:

Screenshot 2022-11-09 at 3 03 39 PM

Correct appearance, with div.truste_overlay hidden as well as div.truste_box_overlay_inner:

Screenshot 2022-11-09 at 3 05 06 PM

Note that the DOM structure requires us to hide two sibling elements whose parent element is the body el:

<body>
  ... lots of stuff ...
  <div class="truste_overlay"></div>
  <div class="truste_box_overlay">
    <div class="truste_box_overlay_inner">

I wonder if it might make sense to target the truste_box_overlay instead of truste_box_overlay_inner.

cnn.com reloads

via mozilla/Foxfooding_Cookie_Banner_Handling#2

Firefox Version: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Window Size (inner width and height): 1920x947
GitHub Username: @pedroldk

Steps to Reproduce

Go to https://cnn.com

Expected Behavior

The page should not reload.

Actual Behavior

Went to cnn.com and although the site didn't show the cookie banner as expected, the page reloaded. This behaviour might break redirects or pop-ups on some websit

Cookie rule for n-tv.de not working

When I disable banner clicking by setting cookiebanners.bannerClicking.enabled to false and visit https://n-tv.de the cookie banner still shows up. This is probably because the cookie we set is dynamically generated and not replayable. We can rely solely on the clicking instead.

This cookie might not be replayable generally. We should check all cases where we inject cookies with the key euconsent-v2.

google-analytics.com cookie prompt isn't cleared

via mozilla/Foxfooding_Cookie_Banner_Handling#4

Firefox Version: Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0
Window Size (inner width and height): 1280x955
GitHub Username: @jnv

Steps to Reproduce

  1. Visited google-analytics.com
  2. I am redirected to https://marketingplatform.google.com/about/analytics/

Expected Behavior

I shouldn't see a cookie prompt or announcement on the site.

Actual Behavior

I see a stripe "This site uses cookies from Google to deliver its services and to analyze traffic." on bottom of the site

Move sync script to separate repository

Currently we have both the sync script and the cookie banner rules list in the same repo. We don't expect to update the script very often, but the list will be updated frequently. There is no need to re-deploy the script whenever the list changes.

This will fix #8 too.

Cookie banner not cleared on yahoo.com

Environment:

  • MacOS
  • Nightly 108
  • cookiebanners.service.mode set to 2
  • cookiebanners.service.mode.privateBrowsing set to 2

STR

  • Browse to yahoo.com
  • Observe the blurred UI without a cookie banner for 2 seconds
  • The cookie banner appears

Consider moving rules into individual files

Currently the entire rule list is in one big JSON file. Moving rules to individual files would make reviewing and handling rules easier.
This would require updating our sync-script and our validation CI.

Loading of vox.com locks up FF up to 30 seconds

via mozilla/Foxfooding_Cookie_Banner_Handling#7

Firefox Version: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0
Window Size (inner width and height): 1577x1160
GitHub Username: @gahisee

Steps to Reproduce

Simply browse to: http://www.vox.com/

Expected Behavior

Load the main page!

Actual Behavior

Not always but randomly, entire FF, not just the tab, locks up for up to 30 seconds.
I have reported this same issue with FF v106 as well.
