orestbida
[Feat]: Allow leaving out `Domain` in CookieConsent cookie
Description
Currently, CookieConsent will ALWAYS (except on localhost) set the ;Domain=... attribute on the cc_cookie cookie it creates to store preferences.
However, according to MDN, leaving out ;Domain=... when creating the cookie has a different behavior than explicitly setting the ;Domain=... attribute to f.e. window.location.hostname:
"If not specified, this defaults to the host portion of the current document location and the cookie is not available on subdomains. If a domain is specified, subdomains are always included. Contrary to earlier specifications, leading dots in domain names are ignored, but browsers may decline to set the cookie containing such dots."
What I would like is that the cookie is only available on my root domain, NOT it's subdomains. However, this is currently not possible since I cannot prevent ;Domain=... from being specified...
Please add a way to prevent CookieConsent from specifying ;Domain=... when creating it's cookie.
Proposed solution
Maybe, when cookie.domain is null, it will explicitly leave it out:
CookieConsent.run({
cookie: {
domain: null, // Don't set `;Domain=...`
// ...
},
// ...
});
Or, use an extra config key, like cookie.omitDomain:
CookieConsent.run({
cookie: {
omitDomain: true, // Don't set `;Domain=...`
// ...
},
// ...
});
Additional details
Here is the code which always adds the ;Domain=... attribute to the cookie:
https://github.com/orestbida/cookieconsent/blob/c3882de2822a26eb9842c8b019d228374cf9b075/src/utils/cookies.js#L268
Yes, this was already discussed here.
And I am fine with implementing it with this approach:
domain: <any falsy value>
@orestbida wrote: Yes, this was already discussed here.
And I am fine with implementing it with this approach:
domain: <any falsy value>
Ah, damn, didn't look at the discussions to look for duplicates. But glad this is getting attention! Thanks a lot!