mozilla / cookie-banner-rules-list Goto Github PK
View Code? Open in Web Editor NEWRules List for how Firefox's Automated Cookie Banner Preference Manager is to interact with banners on a site by site basis
License: Mozilla Public License 2.0
Rules List for how Firefox's Automated Cookie Banner Preference Manager is to interact with banners on a site by site basis
License: Mozilla Public License 2.0
There are some more StackExchange sites we can add rules for:
It fails and we don't really need it other than for pushes. E.g. see #6
@ahoneiser do you agree, or is there a reason why we need it to run for PRs too?
Cookie banner is displayed: https://azure.microsoft.com/fr-fr/
Azure is a subdomain, we do not currently support Subdomains
via mozilla/Foxfooding_Cookie_Banner_Handling#5
Firefox Version: Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0
Window Size (inner width and height): 1280x955
GitHub Username: @jnvSteps to Reproduce
Expected Behavior
I shouldn't see a cookie prompt
Actual Behavior
I see "We Care About Your Privacy" pop-over (more than one actually
Attachment
Our linting code needs to be updated to take into account the new domains field.
via mozilla/Foxfooding_Cookie_Banner_Handling#3
Firefox Version: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0
Window Size (inner width and height): 1868x1088
GitHub Username: @127001Steps to Reproduce
Open https://skype.com
Expected Behavior
The top cookie banner to be denied.
Actual Behavior
Cookiebanner remains visible.
Attachment
Environment:
STR
The flickr rule hides the cookie banner element (.truste_box_overlay_inner
), but not the translucent dark overlay that sits beneath the cookie banner (.truste_overlay
), so that the site looks odd.
With banner auto-hidden:
Correct appearance, with div.truste_overlay
hidden as well as div.truste_box_overlay_inner
:
Note that the DOM structure requires us to hide two sibling elements whose parent element is the body el:
<body>
... lots of stuff ...
<div class="truste_overlay"></div>
<div class="truste_box_overlay">
<div class="truste_box_overlay_inner">
I wonder if it might make sense to target the truste_box_overlay
instead of truste_box_overlay_inner
.
via mozilla/Foxfooding_Cookie_Banner_Handling#4
Firefox Version: Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0
Window Size (inner width and height): 1280x955
GitHub Username: @jnvSteps to Reproduce
- Visited google-analytics.com
- I am redirected to https://marketingplatform.google.com/about/analytics/
Expected Behavior
I shouldn't see a cookie promp or announcement on the site.
Actual Behavior
I see a stripe "This site uses cookies from Google to deliver its services and to analyze traffic." on bottom of the site
Attachment
via mozilla/Foxfooding_Cookie_Banner_Handling#9
Firefox Version: Firefox Nightly 108.0a1
Window Size (inner width and height): 1300x1050Steps to Reproduce
- Went to https://DHL.com as per list for foxfooding
- DHL.com redirect to DHL.com/se-sv/...
- Asks for permissions for cookies
Expected Behavior
Autorejected cookie notice.
Actual Behavior
Cookie notice not automatically rejected.
Attachment
This requires updating the sync script to fetch the list from a remote URL instead of bundling it in the Docker image. It will remove the need re-deploy the script for rule list changes, which is currently a manual process.
We can use https://github.com/PyGithub/PyGithub in the script to get info about the latest release and get the rules list file associated with the release.
When I disable banner clicking by setting cookiebanners.bannerClicking.enabled
to false
and visit https://n-tv.de the cookie banner still shows up. This is probably because the cookie we set is dynamically generated and not replayable. We can rely solely on the clicking instead.
This cookie might not replayable generally. We should check all cases where we inject cookies with the key euconsent-v2
.
#6 adds validation and code reformatting. We can use these scripts in a GitHub Action to ensure list change PRs are valid.
https://sportowefakty.wp.pl/ [non-english site]
Ex: https://twit.tv/shows/security-now/episodes/898
Need to hit "Hide"
Cookie banner is displayed https://www.lyreco.com/
top of page
For more details see:
mozilla-mobile/fenix#27719 (comment)
https://bugzilla.mozilla.org/show_bug.cgi?id=1803117#c2
Mozilla cookie banner on https://connect.mozilla.org/
Connect is a subdomain, we do not currently support Subdomains
For https://bugzilla.mozilla.org/show_bug.cgi?id=1801074 we're landing a change which will make the clicking code only run in the top level frame by default. That means we need to update the rules that rely on running in iframes. We need to add a "runContext": "child"
entry to the click object.
via mozilla/Foxfooding_Cookie_Banner_Handling#7
Firefox Version: Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0
Window Size (inner width and height): 1577x1160
GitHub Username: @gahiseeSteps to Reproduce
Simply browse to: http://www.vox.com/
Expected Behavior
Load the main page!
Actual Behavior
Not always but randomly, entire FF, not just the tab, locks up for up to 30 seconds.
I have reported this same issue with FF v106 as well.
Note: Button says "Fine" instead of accept
via mozilla/Foxfooding_Cookie_Banner_Handling#10
Firefox Version: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
Window Size (inner width and height): 1280x955
GitHub Username: @hokonchSteps to Reproduce
- cookiebanners.service.mode set to 2
- Access https://businessinsider.com.pl/
Expected Behavior
Scrollable
Actual Behavior
Unscrollable
Attachment
Slight flash of cookie modal before it is closed
Example: https://global.wf.com/hub_blog/year-dine-thanksgiving/
but I don't see a notice at https://wf.com
Currently we have both the sync script and the cookie banner rules list in the same repo. We don't expect to update the script very often, but the list will be updated frequently. There is no need to re-deploy the script whenever the list changes.
This will fix #8 too.
Banner is animated in and out: digicert.com
Cosmetic issue with the click rule
via mozilla/Foxfooding_Cookie_Banner_Handling#2
Firefox Version: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Window Size (inner width and height): 1920x947
GitHub Username: @pedroldkSteps to Reproduce
Go to https://cnn.com
Expected Behavior
The page should not reload.
Actual Behavior
Went to cnn.com and although the site didn't show the cookie banner as expected, the page reloaded. This behaviour might break redirects or pop-ups on some websit
Currently the entire rule list is in one big JSON file. Moving rules to individual files would make reviewing and handling rules easier.
This would require updating our sync-script and our validation CI.
Cookie banner is displayed: microsoft.com
I was poking at the schema validation and we might be able to make it a bit more strict.
I broke your ./cookie-banner-rules-list.json file by adding typos to almost every field (except domain
and id
, both of which seem to be required).
{
"clik": {
"otIn": "button.btn-accept",
"ptOut": "button.btn-reject",
"resence": "div#cookie-disclosure"
},
"domain": "netflix.com",
"schem": 1661164945628,
"cookes": {},
"id": "6037802d-9a37-4df2-bf35-9ad60c478725",
"last_moified": 1661164976796
},
The validator seems to say that the file is still valid, and presumably all the typo fields are ignored.
I was able to get some errors throwing if I copy the schema locally, and add additionalProperties: false
to the schema:
"properties": {
"data": {
"type": "array",
"items":
{
"type": "object",
"additionalProperties": false,
"title": "Cookie Banner Rule",
โฆ but now it seems to complain about unknown schema
and last_modified
properties. Quick fix:
"schema": {
"type": "number"
},
"last_modified": {
"type": "number"
},
Behold:
npm run validate
> [email protected] validate
> node test/validateRules.js
Rule list validation error [
{
instancePath: '/data/35',
schemaPath: '#/properties/data/items/additionalProperties',
keyword: 'additionalProperties',
params: { additionalProperty: 'clik' },
message: 'must NOT have additional properties'
}
]
And we can slightly tweak that to return ALL errors, versus bailing on the first error by adding allErrors: true
to our config:
const ajv = new Ajv({ loadSchema, allErrors: true });
And now it should report all-ish errors:
npm run validate
> [email protected] validate
> node test/validateRules.js
Rule list validation error [
{
instancePath: '/data/35',
schemaPath: '#/properties/data/items/additionalProperties',
keyword: 'additionalProperties',
params: { additionalProperty: 'clik' },
message: 'must NOT have additional properties'
},
{
instancePath: '/data/35',
schemaPath: '#/properties/data/items/additionalProperties',
keyword: 'additionalProperties',
params: { additionalProperty: 'schem' },
message: 'must NOT have additional properties'
},
{
instancePath: '/data/35',
schemaPath: '#/properties/data/items/additionalProperties',
keyword: 'additionalProperties',
params: { additionalProperty: 'cookes' },
message: 'must NOT have additional properties'
},
{
instancePath: '/data/35',
schemaPath: '#/properties/data/items/additionalProperties',
keyword: 'additionalProperties',
params: { additionalProperty: 'last_moified' },
message: 'must NOT have additional properties'
}
]
Still probably room for more improvements w/ nested properties. But I think it's probably worth adjusting our schema to be a bit stricter to catch typos.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.