From 02b4d335b277f4ae194c6578503f515cb41350e1 Mon Sep 17 00:00:00 2001 From: Kevin Aleman Date: Tue, 14 Sep 2021 11:08:25 -0600 Subject: [PATCH] [IMPROVE] Add cookie to identify widget calls (#645) --- src/api.js | 2 +- src/components/App/index.js | 4 +++- src/components/helpers.js | 18 ++++++++++++++---- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/src/api.js b/src/api.js index 57c335fa9..25741e1fb 100644 --- a/src/api.js +++ b/src/api.js @@ -4,6 +4,6 @@ import queryString from 'query-string'; const host = window.SERVER_URL || queryString.parse(window.location.search).serverUrl || (process.env.NODE_ENV === 'development' ? 'http://localhost:3000' : null); -const useSsl = host && host.match(/^https:/) !== null; +export const useSsl = host && host.match(/^https:/) !== null; export const Livechat = new LivechatClient({ host, protocol: 'ddp', useSsl }); diff --git a/src/components/App/index.js b/src/components/App/index.js index c26f91292..10286b686 100644 --- a/src/components/App/index.js +++ b/src/components/App/index.js @@ -19,7 +19,7 @@ import Register from '../../routes/Register'; import SwitchDepartment from '../../routes/SwitchDepartment'; import TriggerMessage from '../../routes/TriggerMessage'; import { Provider as StoreProvider, Consumer as StoreConsumer, store } from '../../store'; -import { visibility, isActiveSession } from '../helpers'; +import { visibility, isActiveSession, setInitCookies } from '../helpers'; function isRTL(s) { const rtlChars = '\u0591-\u07FF\u200F\u202B\u202E\uFB1D-\uFDFD\uFE70-\uFEFC'; @@ -54,6 +54,8 @@ export class App extends Component { user, } = this.props; + setInitCookies(); + if (gdprRequired && !gdprAccepted) { return route('/gdpr'); } diff --git a/src/components/helpers.js b/src/components/helpers.js index 7544d0d07..8c2caf6d9 100644 --- a/src/components/helpers.js +++ b/src/components/helpers.js @@ -1,6 +1,6 @@ import { Component } from 'preact'; -import { Livechat } from '../api'; +import { Livechat, useSsl } from '../api'; import I18n from '../i18n'; import store from '../store'; @@ -103,10 +103,20 @@ export function upsert(array = [], item, predicate, ranking) { return array; } +// This will allow widgets that are on different domains to send cookies to the server +// The default config for same-site (lax) dissalows to send a cookie to a "3rd party" unless the user performs an action +// like a click. Secure flag is required when SameSite is set to None +const getSecureCookieSettings = () => (useSsl ? 'SameSite=None; Secure;' : ''); + +export const setInitCookies = () => { + document.cookie = `rc_is_widget=t; path=/; ${ getSecureCookieSettings() }`; + document.cookie = `rc_room_type=l; path=/; ${ getSecureCookieSettings() }`; +}; + export const setCookies = (rid, token) => { - document.cookie = `rc_rid=${ rid }; path=/`; - document.cookie = `rc_token=${ token }; path=/`; - document.cookie = 'rc_room_type=l; path=/'; + document.cookie = `rc_rid=${ rid }; path=/; ${ getSecureCookieSettings() }`; + document.cookie = `rc_token=${ token }; path=/; ${ getSecureCookieSettings() }`; + document.cookie = `rc_room_type=l; path=/; ${ getSecureCookieSettings() }`; }; export const createToken = () => Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);