From 57c14eb114bac1f8b2b48c3201391c7e28d6c937 Mon Sep 17 00:00:00 2001
From: Jeremy Zhang
Date: Mon, 28 Jan 2019 03:03:25 +0000
Subject: [PATCH] Third party cookie test
---
 webapp/titanembeds/blueprints/embed/embed.py | 23 +++++++++++++++--
 webapp/titanembeds/static/css/embed.css | 21 ++++++++++++++++
 webapp/titanembeds/static/js/embed.js | 26 ++++++++++++++++++++
 webapp/titanembeds/templates/embed.html.j2 | 10 +++++++-
 4 files changed, 77 insertions(+), 3 deletions(-)
diff --git a/webapp/titanembeds/blueprints/embed/embed.py b/webapp/titanembeds/blueprints/embed/embed.py
index 02258b7..b78ba5f 100644
--- a/webapp/titanembeds/blueprints/embed/embed.py
+++ b/webapp/titanembeds/blueprints/embed/embed.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, render_template, abort, redirect, url_for, session, request
+from flask import Blueprint, render_template, abort, redirect, url_for, session, request, make_response
 from flask_babel import gettext
 from titanembeds.utils import check_guild_existance, guild_query_unauth_users_bool, guild_accepts_visitors, guild_unauthcaptcha_enabled, is_int, redisqueue, get_online_embed_user_keys
 from titanembeds.oauth import generate_guild_icon_url, generate_avatar_url
@@ -112,4 +112,23 @@ def login_discord(): @embed.route("/noscript") def noscript(): - return render_template("noscript.html.j2") \ No newline at end of file + return render_template("noscript.html.j2") + +@embed.route("/cookietest1") +def cookietest1(): + js = "window._3rd_party_test_step1_loaded();" + response = make_response(js, 200, {'Content-Type': 'application/javascript'}) + response.set_cookie('third_party_c_t', "works", max_age=30) + return response + +@embed.route("/cookietest2") +def cookietest2(): + js = "window._3rd_party_test_step2_loaded(" + if "third_party_c_t" in request.cookies and request.cookies["third_party_c_t"] == "works": + js = js + "true" + else: + js = js + "false" + js = js + ");" + response = make_response(js, 200, {'Content-Type': 'application/javascript'}) + response.set_cookie('third_party_c_t', "", expires=0) + return response diff --git a/webapp/titanembeds/static/css/embed.css b/webapp/titanembeds/static/css/embed.css index 1499860..f273719 100644 --- a/webapp/titanembeds/static/css/embed.css +++ b/webapp/titanembeds/static/css/embed.css @@ -611,6 +611,27 @@ a { } } +#third-party-cookies-notice { + color: #721c24; + background-color: #f8d7da; + border-color: #f5c6cb; + padding: 5px; + border-radius: 10px; +} + +#third-party-cookies-notice h5 { + font-weight: 700; +} + +#third-party-cookies-notice a { + color: #040505; + text-decoration: underline; +} + +#third-party-cookies-notice p { + font-size: 12pt; +} + #nameplate { cursor: pointer; background: transparent; diff --git a/webapp/titanembeds/static/js/embed.js b/webapp/titanembeds/static/js/embed.js index e4388b0..e8bb5c3 100644 --- a/webapp/titanembeds/static/js/embed.js +++ b/webapp/titanembeds/static/js/embed.js @@ -21,6 +21,7 @@ /* global EmojiConvertor */ /* global post_timeout */ /* global is_peak */ +/* global cookie_test_s2_URL */ (function () { const theme_options = ["DiscordDark", "FireWyvern", "IceWyvern", "MetroEdge", "BetterTitan"]; // All the avaliable theming names 
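Review bot: In embed.py, `cookietest1` and `cookietest2` return script whose content depends on the request's cookies, but neither response forbids caching, so a browser or intermediary could replay a stored `cookietest2` answer and the probe would report a stale result; setting `response.headers['Cache-Control'] = 'no-store'` before each `return response` avoids that. The probe cookie is also set with no attributes: only the server reads it (the `request.cookies` check in `cookietest2`), so `httponly=True` is safe to add, and browsers that default cookies to SameSite=Lax will not send it from a cross-site frame unless it is marked `SameSite=None` together with `Secure`, which would make the test report false for every embedded visitor. Something like `response.set_cookie('third_party_c_t', "works", max_age=30, secure=True, httponly=True, samesite="None")` covers both, assuming the embed is served over HTTPS and the installed Werkzeug accepts `samesite="None"`; the clearing call in `cookietest2` should carry the same attributes.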
@@ -2408,3 +2409,28 @@ function submit_unauthenticated_captcha() { // To be invoked when recaptcha is c
 $('#recaptchamodal').modal('close');
 $("#submit-unauthenticated-captcha-btn").click();
 }
+
+window._3rd_party_test_step1_loaded = function () {
+ // At this point, a third-party domain has now attempted to set a cookie (if all went to plan!)
+ var step2El = document.createElement('script');
+ // And load the second part of the test (reading the cookie)
+ step2El.setAttribute('src', cookie_test_s2_URL);
+ document.getElementById("third-party-cookies-notice").appendChild(step2El);
+};
+
+window._3rd_party_test_step2_loaded = function (cookieSuccess) {
+ if (!cookieSuccess) {
+ $("#third-party-cookies-notice").show().addClass("done");
+ $("#login-greeting-msg, #loginmodal-maincontent").hide();
+ } else {
+ $("#third-party-cookies-notice").hide().addClass("done");
+ $("#login-greeting-msg, #loginmodal-maincontent").show();
+ }
+};
+
+window.setTimeout(function(){
+ var noticeDiv = $("#third-party-cookies-notice");
+ if (!noticeDiv.hasClass("done")) {
+ window._3rd_party_test_step2_loaded(false);
+ }
+}, 7*1000);
diff --git a/webapp/titanembeds/templates/embed.html.j2 b/webapp/titanembeds/templates/embed.html.j2
index ea32c91..9e63db3 100644
--- a/webapp/titanembeds/templates/embed.html.j2
+++ b/webapp/titanembeds/templates/embed.html.j2
@@ -127,7 +127,11 @@
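Review bot: In embed.js, the step-2 script element created in `_3rd_party_test_step1_loaded` has no error handler, so a blocked or failed load is only noticed when the 7-second timer at the end of the hunk fires. Adding `step2El.onerror = function () { window._3rd_party_test_step2_loaded(false); };` before the `appendChild` call reports the failure immediately instead of leaving the login area in its initial state for seven seconds. The timer itself deserves a comment stating its intent, for example `// Fallback: no answer from the cookie test within 7 s, so treat third-party cookies as blocked`. The result only shows or hides elements in the page, so it is a usability hint rather than a control; any server-side flow that depends on the session cookie presumably still has to handle its absence.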