From dabd9f5a0c8cee3e187d160d5a1878893bed199f Mon Sep 17 00:00:00 2001
From: Philipp Pracht
Date: Tue, 15 Oct 2024 12:21:15 +0200
Subject: [PATCH] Cookie poisoning cxone fix (#3991)
---
 client/src/lifecycleManager.js | 10 ++++------
 .../cypress/e2e/test-app/iframe/iframe-container.cy.js | 2 +-
 core/third-party-cookies/init.html | 6 ++----
 3 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/client/src/lifecycleManager.js b/client/src/lifecycleManager.js
index f186c1b6d1..3abbe9720d 100644
--- a/client/src/lifecycleManager.js
+++ b/client/src/lifecycleManager.js
@@ -146,16 +146,14 @@ class LifecycleManager extends LuigiClientBase {
 let tpc = 'enabled';
 let cookies = document.cookie;
 let luigiCookie;
- let luigiCookieKey;
 if (cookies) {
 luigiCookie = cookies
 .split(';')
 .map(cookie => cookie.trim())
- .find(cookie => cookie == 'luigiCookie=true');
+ .find(cookie => cookie === 'luigiCookie=true');
 }
 if (luigiCookie === 'luigiCookie=true') {
- luigiCookieKey = luigiCookie.split('=')[0];
- document.cookie = luigiCookieKey + '=; Max-Age=-99999999; SameSite=None; Secure';
+ document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';
 }
 document.cookie = 'luigiCookie=true; SameSite=None; Secure';
 cookies = document.cookie;
@@ -163,11 +161,11 @@ class LifecycleManager extends LuigiClientBase {
 luigiCookie = cookies
 .split(';')
 .map(cookie => cookie.trim())
- .find(cookie => cookie == 'luigiCookie=true');
+ .find(cookie => cookie === 'luigiCookie=true');
 }
 if (luigiCookie === 'luigiCookie=true') {
+ document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';
 window.parent.postMessage({ msg: 'luigi.third-party-cookie', tpc }, '*');
- document.cookie = luigiCookieKey + '=; Max-Age=-99999999; SameSite=None; Secure';
 } else {
 tpc = 'disabled';
 window.parent.postMessage({ msg: 'luigi.third-party-cookie', tpc }, '*');
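Review bot: The hard-coded expiry write `document.cookie = 'luigiCookie=; Max-Age=-99999999; SameSite=None; Secure';` added inside the first `if (luigiCookie === 'luigiCookie=true')` has no comment saying why the name is no longer taken from the cookie string, and the same literal is added again in the second hunk. A one-line comment such as `// fixed literal on purpose: never build a document.cookie write from a value read back out of document.cookie` would keep a later refactor from reintroducing the derived key. The probe name and value now sit in several separate string literals across both hunks; two constants in the enclosing method (which starts and ends outside this hunk) would keep the set, match and expire strings in step. The set and expire writes shown both omit Path and Domain, which is what lets the expiry actually remove the probe cookie, so any future attribute change has to be made to both.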
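Review bot: Both branches of the final `if` send the identical `window.parent.postMessage({ msg: 'luigi.third-party-cookie', tpc }, '*');`, so with the expiry line now placed ahead of it the branches differ only in the cookie cleanup and the value of `tpc`. As far as the hunk shows (the `else` block closes outside it), the call could be made once after the `if`/`else`. The wildcard target origin is unchanged context and the payload shown carries only `'enabled'` or `'disabled'`, but it deserves a comment next to the call, for example `// target origin is '*': keep this payload limited to the non-sensitive tpc flag`.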
diff --git a/container/cypress/e2e/test-app/iframe/iframe-container.cy.js b/container/cypress/e2e/test-app/iframe/iframe-container.cy.js
index 55297964ff..0b6b5013e1 100644
--- a/container/cypress/e2e/test-app/iframe/iframe-container.cy.js
+++ b/container/cypress/e2e/test-app/iframe/iframe-container.cy.js
@@ -16,7 +16,7 @@ describe('Iframe Container Test', () => {
 .get('iframe')
 .then(() => {
 cy.wrap(stub).should('have.been.calledWith', 'set-third-party-cookies-request');
- cy.getCookie('luigiCookie').should('exist');
+ cy.getCookie('luigiCookie').should('not.exist');
 });
 });
 
diff --git a/core/third-party-cookies/init.html b/core/third-party-cookies/init.html
index 922b17dac4..01014781cc 100644
--- a/core/third-party-cookies/init.html
+++ b/core/third-party-cookies/init.html
@@ -2,7 +2,6 @@