SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× EU e-Privacy Directive needs your help!

A free extension like this survives only by reputation. You can help by submitting a review in the Joomla Extension Directory. Please take the time to make a review by clicking on the link below (opens in a new window)

extensions.joomla.org/write-review/review/add?extension_id=4850

I Agree button not working

More
3 months 3 days ago #4323 by smith
Replied by smith on topic I Agree button not working
Same problem here. Firefox does not accept cookies from this extension:

The "plg_system_eprivacy" cookie will soon be rejected because it will either indicate "none" or an invalid value for the "sameSite" attribute without using the "secure" attribute. Further information on the "sameSite" attribute can be found at developer.mozilla.org/docs/Web/HTTP/Cookies

Please Log in or Create an account to join the conversation.

More
3 months 2 days ago - 3 months 2 days ago #4325 by michael
Replied by michael on topic I Agree button not working
My extension doesn't set cookies - it prevents Joomla from setting them. It doesn't alter cookies in any way - it merely prevents them from loading. You can search the code for setcookie (php), cookie->set('xxx') (Joomla), and Document.cookie (javascript) and you'll fine none of them.

The sameSite attribute isn't being honored somewhere else in your site. I would look at your global configuration at the cookie domain. If it doesn't match the domain that's being browsed, that can cause the issue. It either must match, or must be the domain + tld preceded by a "." (making it a wildcard) like this ".richeyweb.com". Otherwise, you may have an extension trying to set a cookie for another domain (no bueno).
Last edit: 3 months 2 days ago by michael.

Please Log in or Create an account to join the conversation.

More
2 months 4 days ago #4337 by TomN
Replied by TomN on topic I Agree button not working
Michael,
your e-Privacy Directive is setting the long-term cookie plg_system_eprivacy "to remain on the users system between visits".
This cookie is set with
SameSite: None
Secure: false

Firefox warns:
The "plg_system_eprivacy" cookie will soon be rejected

What do you recommend?
Thanks for your help and time
Tom

Please Log in or Create an account to join the conversation.

More
1 month 2 weeks ago #4346 by pieter
Replied by pieter on topic I Agree button not working
Hi Michael,

I have similar in FF.

It appears default browser behaviour to have secure to false and SameSite to none.
This combination triggers the warning according to developer.mozilla.org/en-US/docs/Web/HTT.../Set-Cookie/SameSite

By adding 'secure' context to the cookie code it is solved.
In eprivacy/eprivacy.php line 422 change:
$app->input->cookie->set('plg_system_eprivacy', $value, $expire, $cookie_path, $cookie_domain);

into
$app->input->cookie->set('plg_system_eprivacy', $value, $expire, $cookie_path, $cookie_domain, 'secure');

the default is samesite=none but in more modern browsers it needs the context 'secure'

Please Log in or Create an account to join the conversation.

More
3 weeks 3 days ago #4348 by spencerarcher

pieter wrote: Hi Michael,

I have similar in FF.

It appears default browser behaviour to have secure to false and SameSite to none.
This combination triggers the warning according to developer.mozilla.org/en-US/docs/Web/HTT.../Set-Cookie/SameSite

By adding 'secure' context to the cookie code it is solved.
In eprivacy/eprivacy.php line 422 change:

$app->input->cookie->set('plg_system_eprivacy', $value, $expire, $cookie_path, $cookie_domain);

into
$app->input->cookie->set('plg_system_eprivacy', $value, $expire, $cookie_path, $cookie_domain, 'secure');

the default is samesite=none but in more modern browsers it needs the context 'secure'

Thankyou so much. That was very helpful honestly.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Powered by Kunena Forum