-
Notifications
You must be signed in to change notification settings - Fork 10.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add filter to apply Base64 encoding to order attribution cookies #47597
Conversation
Test using WordPress PlaygroundThe changes in this pull request can be previewed and tested using a WordPress Playground instance. Test this pull request with WordPress Playground. Note that this URL is valid for 30 days from when this comment was last updated. You can update it by closing/reopening the PR or pushing a new commit. |
Hi , @woocommerce/ventures Apart from reviewing the code changes, please make sure to review the testing instructions as well. You can follow this guide to find out what good testing instructions should look like: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested, works as expected. The code changes look good. 👍
I have just one small comment about the PR description / test instruction:
3. Check in the cookies to see that the cookie values are Base64 (just alphanumeric, no
%
or=
).
I'm thinking it may be good to mention why the base64 encoded values do not have the =
padding (reference: woocommerce/sourcebuster-js#6 (comment)), for our future selves and for the uninitiated (it can be confusing for other people because it may not be exactly base64 encoded values since the =
is removed).
Thanks @ecgan! I added another note to the PR description. |
Changes proposed in this Pull Request:
In the continuing effort to make the order attribution functionality available for stores on any servers, and in light of several recent mentions of different web application firewalls and rulesets that are still being incorrectly triggered, this PR:
wc_order_attribution_use_base64_cookies
filter flag to enable Base64 encoding for Sourcebuster cookies. Merchants who have been blocked from updating to a newer version of WooCommerce due to WAFs falsely flagging the Sourcebuster cookies should hopefully be able to get around this by enabling this encoding.Related to #43681 and #43413.
Notes:
=
from the end of the resulting string after encoding, to ensure the value is solely alphanumeric.How to test the changes in this Pull Request:
👉🏻 Prerequisites: store with products and configured to allow checkouts and with order attribution enabled.
Test1: Order attribution works as normal with the new Sourcebuster version (no filter enabled)
wc_order_attribution.getAttributionData()
and see that source data is retrieved (probablysource_type:'typein'
)sbjs_*
cookies are in the original format (URL encoded,param=value|||param=value|||…
):**Test 2: Order attribution works with new filter **
add_filter( 'wc_order_attribution_use_base64_cookies', '__return_true' );
site.com/shop/?utm_source=test_source_base64&utm_campaign=Éürøpãp🅰️&utm_medium=test_medium
%
or=
).wc_order_attribution.getAttributionData()
and see that source data is retrievedwc_order_attribution.getAttributionData()
**Test 3: Order attribution works with for users who have cookies in the old format **
site.com/shop/?utm_source=test_source_base64&utm_campaign=Éürøpãp🅰️&utm_medium=test_medium
wc_order_attribution.getAttributionData()
and see that source data is retrievedTest 4: Order attribution works with for users who have cookies in the new format if the filter is disabled
site.com/shop/?utm_source=test_source_base64&utm_campaign=Éürøpãp🅰️&utm_medium=test_medium
wc_order_attribution.getAttributionData()
and see that source data is retrievedTest 5: Order attribution works with filter enabled using other checkout type
Changelog entry
Significance
Type
Message
Comment