1785872 - Support for non-domain specific cookie rules that allow handling of CMPs

Status: RESOLVED FIXED

(Core :: Privacy: Anti-Tracking, enhancement, P3)

Description

[Paul Zühlcke [:pbz]]

We can extend the nsICookieBannerService to return general click rules for all sites which can handle a range of different Consent Management Providers (CMP). This will greatly increase our cookie banner handling coverage since there are only a few major CMPs.

This is a similar approach to the consent-o-matic extension.

We can extend getClickRuleForDomain which is added in Bug 1783045 to return site specific clicking rules if there are any and otherwise fall back to returning a common list of CMP clicking rules.

Comment 1

[Paul Zühlcke [:pbz]]

I've looked into this a bit more, here are my findings:

Running JSWindowActor code with query selectors for every site could have a noticable performance impact. We need to investigate this further. We should gate this feature behind a pref so we can turn if off if we run into performance issues. It also allows us to do experimentation on Nightly.

Required implementation updates:

Rule JSON Storage (remote settings / GitHub):

• There needs to be a new global rule type. We could simply set domain to * to indicate a global rule.
• Global rules still need to be keyed in order to update them on remote settings sync. Could use the built-in id field for that.

nsICookieBannerService:

• Needs to be extended with a separate field to store a list of global rules.
• Global rules still need to be keyed in storage with a unique identifier in order to support updates via remote settings. Consider adding an explicit ID field for that. We can key rules associated with a domain by domain as we do currently, while global rules could use another ID, e.g. generated by RemoteSettings.
• The rules getter in nsICookieBannerService needs to be extended to return both domain-keyed and global rules
• getClickRuleForDomain needs to return an array of click rules. If there is a domain-specific rule only that should be returned. Otherwise we can return an array of global rules.

CookieBannerChild:

• Needs to be refactored to handle a list of click rules instead of a single click rule
• #detectBanner needs to run query selectors for all rules in the array.
• The other methods e.g. for clicking banner buttons also need to take multiple rules into account, because there may be rules where the presence selector is the same, but the button selectors are different. e.g. we've seen this with onetrust rules.

Comment 2

[Paul Zühlcke [:pbz]]

Attachment: Bug 1785872 - Global CookieBannerRules. r=timhuang!

Comment 3

[Paul Zühlcke [:pbz]]

Attachment: Bug 1785872 - Extend tests for global CookieBannerRules. r=timhuang!

Depends on D156692

Comment 4

[Pulsebot]

Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fe912276f57e
Global CookieBannerRules. r=timhuang
https://hg.mozilla.org/integration/autoland/rev/26d1bda11790
Extend tests for global CookieBannerRules. r=timhuang

Comment 5

[Norisz Fay [:noriszfay]]

https://hg.mozilla.org/mozilla-central/rev/fe912276f57e
https://hg.mozilla.org/mozilla-central/rev/26d1bda11790