Skip to content

feat: Implement cross-domain cookie sharing #15849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
petesfrench wants to merge 1 commit into
base: main
Choose a base branch
from
+46 −5
Open

feat: Implement cross-domain cookie sharing #15849

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions konf/site.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,10 @@ env:
key: wordpress-username
name: wordpress-api

- name: COOKIE_SERVICE_API_KEY
secretKeyRef:
key: cookies-api-key
name: cookies-canonical-com-credentials

memoryLimit: 512Mi

Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@
},
"dependencies": {
"@axe-core/playwright": "^4.8.5",
"@canonical/cookie-policy": "^3.7.4",
"@canonical/cookie-policy": "3.8.0",
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version specifier has changed from a flexible semantic version range (^3.7.4) to an exact version pin (3.8.0). This inconsistency with other dependencies (which use flexible ranges like ^) may make future updates more difficult. Consider using ^3.8.0 or ~3.8.0 to allow automatic patch updates while maintaining the current minor version, consistent with other dependencies like @canonical/global-nav.

Suggested change
"@canonical/cookie-policy": "3.8.0",
"@canonical/cookie-policy": "^3.8.0",

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description states that the cookie-policy package should be bumped to version 3.8.1, but the actual version in the code is 3.8.0. Please update to 3.8.1 to match the PR description, or update the description if 3.8.0 is the intended version.

Suggested change
"@canonical/cookie-policy": "3.8.0",
"@canonical/cookie-policy": "3.8.1",

Copilot uses AI. Check for mistakes.
"@canonical/global-nav": "3.8.0",
"@canonical/latest-news": "2.1.1",
"@canonical/react-components": "^0.60.0",
Expand Down
2 changes: 2 additions & 0 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ canonicalwebteam.image-template==1.9.0
canonicalwebteam.discourse==7.1.0
canonicalwebteam.form-generator==2.1.0
canonicalwebteam.directory-parser==1.2.10
canonicalwebteam.cookie-service==1.0.0
Flask-Caching==2.1.0
python-dateutil==2.8.2
pytz==2022.7.1
maxminddb-geolite2==2018.703
Expand Down
35 changes: 35 additions & 0 deletions webapp/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@
import talisker.requests
from jinja2 import ChoiceLoader, FileSystemLoader
import yaml
from flask_caching import Cache
from datetime import timedelta

from canonicalwebteam.blog import BlogAPI, BlogViews, build_blueprint
from canonicalwebteam.discourse import (
Expand All @@ -31,6 +33,7 @@
from canonicalwebteam.search import build_search_view
from canonicalwebteam.templatefinder import TemplateFinder
from canonicalwebteam.form_generator import FormGenerator
from canonicalwebteam.cookie_service import CookieConsent

from webapp.certified.views import certified_routes
from webapp.handlers import init_handlers
Expand Down Expand Up @@ -263,6 +266,38 @@

init_handlers(app, sentry)

# Configuration for shared cookie service

# Configure Flask session
app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(days=365)
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
app.config["SESSION_COOKIE_HTTPONLY"] = True
app.config["SESSION_COOKIE_SECURE"] = True

# Number of days before preference cookies expire (default: 365)
app.config["PREFERENCES_COOKIE_EXPIRY_DAYS"] = 365

# Initialize Flask-Caching
app.config["CACHE_TYPE"] = "SimpleCache"
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SimpleCache is not thread-safe and should not be used in production environments. According to Flask-Caching documentation, SimpleCache is only suitable for development. For production, consider using RedisCache, MemcachedCache, or FileSystemCache. This is particularly important since the cookie service health check runs in the background and could cause race conditions.

Suggested change
app.config["CACHE_TYPE"] = "SimpleCache"
app.config["CACHE_TYPE"] = "FileSystemCache"
app.config["CACHE_DIR"] = "/tmp/flask_cache"

Copilot uses AI. Check for mistakes.
cache = Cache(app)


# Set up cache functions for cookie consent service
def get_cache(key):
return cache.get(key)


def set_cache(key, value, timeout):
cache.set(key, value, timeout)


cookie_service = CookieConsent().init_app(
app,
get_cache_func=get_cache,
set_cache_func=set_cache,
start_health_check=True,
)
Comment on lines +269 to +299
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing documentation for the cookie service configuration. Consider adding comments explaining:

  • What the COOKIE_SERVICE_API_KEY environment variable is used for (defined in konf/site.yaml but not explicitly referenced here)
  • The purpose of each configuration option
  • Why SimpleCache is being used and its limitations for production deployments

Copilot uses AI. Check for mistakes.


# Prepare forms
def init_forms():
Expand Down
8 changes: 4 additions & 4 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1206,10 +1206,10 @@
resolved "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz"
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==

"@canonical/cookie-policy@^3.7.4":
version "3.7.5"
resolved "https://registry.yarnpkg.com/@canonical/cookie-policy/-/cookie-policy-3.7.5.tgz#29dfbc1f6d42dbdcdf6125330083a2ccde7d93d0"
integrity sha512-Fi0a8vk9q7L4Em4TiMTYDYnGGnHBfpOwOv7WGWbA/apT6whl33V6HFTTcN+LcY5UnoSNBTZmQn4YBwqLOVdZyQ==
"@canonical/cookie-policy@3.8.0":
version "3.8.0"
resolved "https://registry.yarnpkg.com/@canonical/cookie-policy/-/cookie-policy-3.8.0.tgz#8f20b5d6d0c2e5553bbe05d1513f7f1af7d0836c"
integrity sha512-njUYf10gFmuXr47Aj5jayuFbyq08IkBdr/W6qtvHjZvJ8Dt4ru9ehMacWa4mostfQoXVARusIucOARSgnMoArg==

"@canonical/global-nav@3.8.0":
version "3.8.0"
Expand Down
Loading