-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle cookies when not allowed #65
Comments
I turned off cookies in firefox and got a blank screen with this console message (serving client.max.js from the recent wiki@beta) The debugger directed me to this line. I can't explain the issue. I'm not in favor of warning messages but I am in favor of understanding the logic behind this error. Perhaps @i2p-lbt can track down some documentation for us. |
Understanding things is a good approach. Writing software that has dependencies in terms of requiring something but not determining if its available / not telling the user about it sounds like a bad concept. Hope you didn't mean it that way, as it doesn't allow the user to understand what's going on/wrong, either. If you dare to take a look outside, then check https://en.wikipedia.org/wiki/HTTP_cookie#EU_cookie_directive too - FedWikis might actually be kind of illegal in certain countries. Not sure if/how deep you want to get into that, but doesn't sound like you should generally ignore it, either. And I don't know how the code is organised, so I'm probably not the right one to debug this at the moment. I don't have the max version, so what I see is:
This reference to line 3 then is not readable (minimised code, it's kind of a long line), but probably points to the same place as shown by you. Accessing the local storage for the first time here, maybe? It's been time since I played around with local storage, but as http://www.w3schools.com/HTML/html5_webstorage.asp points out:
In Firefox Local Storage is controlled by the cookie-policy, although they do not make that very clear in the UI. So while "no cookies", it's also "no local storage". We can capture that scenario rather well, though, with the above. There's actually more to it, though. If I understand the notes on Safari mobile at https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_AP correctly, then FedWiki will not work on those. On that page also read the section on Private Browsing Modes and the problems related to local storage. There several situations in which browsers will delete the local storage. But with an opt-in (making the user consciously chose her/his mode of operation), that's all resolved. An according presence-check for cookies can be found at http://www.w3schools.com/js/js_cookies.asp. Now all of this is Javascript and thus depending on that being enabled. Checking Javascript on the server-side is not that trivial. The answer at http://stackoverflow.com/questions/121203/how-to-detect-if-javascript-is-disabled is worth reading (if that is an indicator for you, the question got 400+ upvotes and the answer 200+):
Logically I fail to see a necessity for requiring a cookie to be set if only viewing a page without logging in, even if putting the privacy and legal issues aside. But technically this is pretty much the same thing to address as with the Javascript as can be seen from above. It should be easy to check for the presence of all of these as mentioned above and just deal with not having them. Only pointing this out to the user is the "easy" (in terms of fast to implement) way. But it should allow to address the legal issues I guess. Providing an alternative is what I would see as the proper way. Even if that alternative has limits, then. Let's point those out, too. At least that seems a sensible approach to me. |
I noticed a FedWiki does not display it's content properly even with Javascript enabled if cookies are forbidden. It took me a moment to realise what's the problem. I don't know if there is a technical reason, as the client should still be able to retrieve the content? So maybe that's even a bug. If not, maybe consider displaying a header with a warning if the cookie is not present but needed?
The text was updated successfully, but these errors were encountered: