Support for non-domain specific cookie rules that allow handling of CMPs
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox106 | --- | fixed |
People
(Reporter: pbz, Assigned: pbz)
References
(Blocks 2 open bugs)
Details
Attachments
(2 files)
We can extend the nsICookieBannerService to return general click rules for all sites which can handle a range of different Consent Management Providers (CMP). This will greatly increase our cookie banner handling coverage since there are only a few major CMPs.
This is a similar approach to the consent-o-matic extension.
We can extend getClickRuleForDomain which is added in Bug 1783045 to return site specific clicking rules if there are any and otherwise fall back to returning a common list of CMP clicking rules.
|
Assignee | |
Comment 1•2 years ago
|
||
I've looked into this a bit more, here are my findings:
Running JSWindowActor code with query selectors for every site could have a noticable performance impact. We need to investigate this further. We should gate this feature behind a pref so we can turn if off if we run into performance issues. It also allows us to do experimentation on Nightly.
Required implementation updates:
Rule JSON Storage (remote settings / GitHub):
- There needs to be a new global rule type. We could simply set
domainto*to indicate a global rule. - Global rules still need to be keyed in order to update them on remote settings sync. Could use the built-in id field for that.
nsICookieBannerService:
- Needs to be extended with a separate field to store a list of global rules.
- Global rules still need to be keyed in storage with a unique identifier in order to support updates via remote settings. Consider adding an explicit ID field for that. We can key rules associated with a domain by domain as we do currently, while global rules could use another ID, e.g. generated by RemoteSettings.
- The
rulesgetter innsICookieBannerServiceneeds to be extended to return both domain-keyed and global rules getClickRuleForDomainneeds to return an array of click rules. If there is a domain-specific rule only that should be returned. Otherwise we can return an array of global rules.
CookieBannerChild:
- Needs to be refactored to handle a list of click rules instead of a single click rule
- #detectBanner needs to run query selectors for all rules in the array.
- The other methods e.g. for clicking banner buttons also need to take multiple rules into account, because there may be rules where the presence selector is the same, but the button selectors are different. e.g. we've seen this with onetrust rules.
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 2•2 years ago
|
||
|
|
Assignee | |
Comment 3•2 years ago
|
||
Depends on D156692
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
Pushed by pzuhlcke@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/fe912276f57e Global CookieBannerRules. r=timhuang https://hg.mozilla.org/integration/autoland/rev/26d1bda11790 Extend tests for global CookieBannerRules. r=timhuang
|
||
Comment 5•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/fe912276f57e
https://hg.mozilla.org/mozilla-central/rev/26d1bda11790
Description
•