Cookie consent form #61

Open
sterlingbaldwin opened this issue Jan 15, 2022 · 7 comments
Labels
bug Something isn't working storyprovider

Comments

@sterlingbaldwin
Contributor

Amusingly but also annoyingly, some sites return a cookie consent form instead of content. See below where NPR tells us what a cookie is. This might be geolocation-specific; I'm in Ireland now, but before, when I was in San Diego, I never had this problem.

Screen Shot 2022-01-15 at 11 13 48

@j6k4m8
Owner

j6k4m8 commented Jan 15, 2022

Ha — talk about high quality content delivered straight to your tablet!

I haven't experienced this (I think it is indeed a geo thing!) but I will see if I can figure out how to address; thanks for reporting!!

@j6k4m8 j6k4m8 added bug Something isn't working storyprovider labels Jan 15, 2022
@j6k4m8
Owner

j6k4m8 commented Jan 21, 2022

@sterlingbaldwin Can you share (here or privately) your goosepaper config file that's returning this page? I'm struggling to get it to interrupt the RSS download, even when I mock my geo location. Thanks again for reporting!

@sterlingbaldwin
Contributor Author

It was the default config for the NPR RSS feed. I'm in Dublin, Ireland. If you like, I can do a request manually (just using the requests library) and post the full contents of the results.

@j6k4m8
Owner

j6k4m8 commented Jan 30, 2022

Sorry for the slow progress here, I'm having a tough time getting the cookies warning to render for me over here in the US. If you could upload a saved HTML version of the page, it would be super helpful!

@dorianim

dorianim commented Mar 20, 2022

I have the same issue in Germany. Can I help in any way?

@dorianim

dorianim commented Mar 20, 2022

So what I found out:

  • curl https://feeds.npr.org/1001/rss.xml -> I took the latest link from here (https://www.npr.org/2022/03/19/1087265230/4-reasons-why-social-media-can-give-a-skewed-account-of-the-war-in-ukraine)
  • curl -L https://www.npr.org/2022/03/19/1087265230/4-reasons-why-social-media-can-give-a-skewed-account-of-the-war-in-ukraine -> I get:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta name="robots" content="noindex, nofollow">
    <meta content="text/html;charset=utf-8" http-equiv="Content-Type">
    <meta content="utf-8" http-equiv="encoding">
    <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, shrink-to-fit=no" />

    <title>NPR Cookie Consent and Choices</title>

    <link rel="stylesheet" media="screen, print" href="https://s.npr.org/templates/css/fonts/Knockout.css"/>
    <link rel="stylesheet" media="screen, print" href="https://s.npr.org/templates/css/fonts/GothamSSm.css"/>
    <link rel="stylesheet" media="screen, print" href="css/choice-stylesheet.css"/>
    <script type="text/javascript" src="./js/redirects.js"></script>
    <script type="text/javascript" src="./js/domains.js"></script>
</head>
<body>
<main class="content" id="content">
    <header role="banner">
        <img src="https://media.npr.org/chrome_svg/npr-logo.svg" alt="NPR logo" class="npr-logo"/>

        <h1 class="header-txt">Cookie Consent and Choices</h1>

        <div id="npr-rule" role="presentation"><span></span><span></span></div>
    </header>

    <section class="main-section">
        <p>
            NPR&rsquo;s sites use cookies, similar tracking and storage technologies, and information about the device you use to access our sites (together, &ldquo;cookies&rdquo;) to enhance your viewing, listening and user experience, personalize content, personalize messages from NPR&rsquo;s sponsors, provide social media features, and analyze NPR&rsquo;s traffic. This information is shared with social media, sponsorship, analytics, and other vendors or service providers.
            <a href="https://text.npr.org/s.php?sId=609791368">See details</a>.
        </p>

        <p>
            You may click on &ldquo;<strong>Your Choices</strong>&rdquo; below to learn about and use cookie management tools to limit use of cookies when you visit NPR&rsquo;s sites. This page will also tell you how you can reject cookies and still obtain access to NPR’s sites, and you can adjust your cookie choices in those tools at any time. If you click &ldquo;<strong>Agree and Continue</strong>&rdquo; below, you acknowledge that your cookie choices in those tools will be respected and that you otherwise agree to the use of cookies on NPR&rsquo;s sites.
        </p>

        <p class="acceptance-date" id="acceptanceDate"></p>

        <div class="user-actions">
            <button class="user-action user-action--accept" id="accept">Agree and Continue</button>

            <a class="user-action user-action--text" id="textLink" href="https://text.npr.org/s.php?sId=609131973#your-choices">YOUR CHOICES</a>
        </div>

        <footer class="footer">
            <p>NPR&rsquo;s <a href="https://text.npr.org/s.php?sId=179876898">Terms of Use</a> and <a
                    href="https://text.npr.org/s.php?sId=609131973">Privacy Policy</a>.</p>
        </footer>
    </section>
</main>

<script>
    // self executing function here
    (function () {
        var choiceVersion = 1;

        // Return true is the origin param is present in the URL
        // Make sure origin starts with "https://" in order to avoid cross-site scripting attack
        var hasOrigin = function () {
            var searchParam = window.location.search;
            return searchParam.substr(0, 16) === '?origin=https://';
        };

        // Append choiceRedirect=true to a destination
        // This will tell use that a user has been already redirected by the choice page
        // stopping a potential infinite redirect loop
        var addChoiceRedirectParam = function (url) {
            var paramControl = '?';
            if (url.includes('?')){
                paramControl = '&';
            }
            return url + paramControl + 't=' + (new Date()).getTime();
        }

        // Redirect made from AKAMAI will include the original
        // destination with the request ex:
        // https://www.npr.org/choice.html?origin=https://www.npr.org/about-npr/178660742/public-radio-finances
        var getDestination = function () {
            var searchParam = window.location.search;
            if (hasOrigin()) {
                var destination = searchParam.substr(8);
                if (checkOrigin(destination)) {
                    return destination;
                }
            }
            return 'https://www.npr.org';
        };

        var getCookie = function (name) {
            var value = "; " + document.cookie;
            var parts = value.split("; " + name + "=");
            if (parts.length == 2) return parts.pop().split(";").shift();
            return false;
        };

        var create_cookie = function (name, value) {
            // Cookies have a tendency to expire, so I arbitrarily set the max age to 10 year
            document.cookie = name + '=' + value + ';secure;path=/;domain=npr.org;max-age=315360000;';
        };

        // True is user previously accepted the correct version of the consent page
        var hasPreviouslyAcceptedChoiceOptions = function () {
            return getCookie('trackingChoice') && getCookie('choiceVersion') == choiceVersion;
        }

        // Grab the thing id form the destination
        var getThingId = function (destination) {
            var yearMonthDateWithPreFixReg = /https:\/\/www\.npr\.org\/([a-z]+\/){0,2}\d{4}\/\d{2}\/\d{2}\/(\d+)\/.*/;
            var match = yearMonthDateWithPreFixReg.exec(destination);
            if (match) {
                return match[2];
            }

            var noDateUrlRegex = /https:\/\/www\.npr\.org\/([a-z]+\/){1,2}(\d+)\/.*/;
            match = noDateUrlRegex.exec(destination);
            if (match) {
                return match[2];
            }

            var thingIdByParam = /https:\/\/www\.npr\.org\/.*[iI]d=(\d{4,}).*/;
            match = thingIdByParam.exec(destination);
            if (match) {
                return match[1];
            }

            // Check if we have a hard coded page url
            //Remove https://www.npr.org from the destination
            var location = destination.substr(19);
            for (var key in redirectLookup) {
                // If the first part of the location matches a
                // hard coded url, then we have a match.
                if (location.startsWith(key)){
                    return redirectLookup[key];
                }
            }

            return false;
        }

        document.getElementById('accept').addEventListener('click', function () {
            var d = new Date();
            var dateOfChoice = d.getTime();

            create_cookie('trackingChoice', 'true');
            create_cookie('choiceVersion', choiceVersion);
            create_cookie('dateOfChoice', dateOfChoice);
            window.location = addChoiceRedirectParam(getDestination());
        });

        var thingId = getThingId(getDestination());
        if (thingId) {
            document.getElementById('textLink').href = "https://text.npr.org/r.php?id=" + thingId;
        }

        if (hasOrigin() && hasPreviouslyAcceptedChoiceOptions()) {
            // If the user has already accepted the choice options
            // and has an origin param in his request
            // We will redirect him to that origin request.
            // This will solve the issue where applications are caching 307 redirects
            window.location = addChoiceRedirectParam(getDestination());
        } else if (hasPreviouslyAcceptedChoiceOptions()) {
            var lastDateOfChoice = getCookie('dateOfChoice');
            var d = new Date(parseInt(lastDateOfChoice, 10));
            var dateString = "On "
                + (d.getMonth() + 1)
                + "/"
                + d.getDate()
                + "/"
                + d.getFullYear()
                + " you agreed to the above.";
            document.getElementById('acceptanceDate').innerText = dateString;
            document.getElementById('content').classList.add('accepted');
        }

    })();
</script>
</body>
</html>

Which is only a cookie consent, as you can see.

Maybe this is related to the EU GDPR?
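
Added example, not part of the thread or of goosepaper's code: a Python check a story provider could run on a fetched body to recognise the consent page shown above, plus a port of the `getThingId()` regexes from that page's inline script to build the `text.npr.org` link the script points to. The function names are hypothetical, the title/robots heuristic is an assumption based only on the dump above, and the `redirectLookup` table (loaded from `./js/redirects.js`, not shown) is not ported.

```python
import re
from html.parser import HTMLParser

# Regexes ported from getThingId() in the consent page's inline script.
_DATED = re.compile(r"https://www\.npr\.org/([a-z]+/){0,2}\d{4}/\d{2}/\d{2}/(\d+)/.*")
_UNDATED = re.compile(r"https://www\.npr\.org/([a-z]+/){1,2}(\d+)/.*")
_BY_PARAM = re.compile(r"https://www\.npr\.org/.*[iI]d=(\d{4,}).*")


class _HeadScan(HTMLParser):
    """Collect the <title> text and the robots meta value."""

    def __init__(self):
        super().__init__()
        self.title, self.robots, self._in_title = "", "", False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.robots = (a.get("content") or "").lower()

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def is_consent_interstitial(html):
    """Heuristic: consent-page title plus noindex, as in the dump above."""
    scan = _HeadScan()
    scan.feed(html)
    return "cookie consent" in scan.title.lower() and "noindex" in scan.robots


def thing_id(url):
    """Story id for an npr.org URL, or None (hard-coded lookup not ported)."""
    for rx, group in ((_DATED, 2), (_UNDATED, 2), (_BY_PARAM, 1)):
        m = rx.search(url)  # JS exec() searches, so use search(), not match()
        if m:
            return m.group(group)
    return None


def text_only_url(url):
    """The text.npr.org address the consent page's script builds, or None."""
    tid = thing_id(url)
    return "https://text.npr.org/r.php?id=" + tid if tid else None
```

URLs with hyphenated path segments, such as the `about-npr/...` example in the script's own comment, match none of the three patterns and return `None`; the original script resolves those through `redirectLookup`.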

@sterlingbaldwin
Contributor Author

Ya, that's what I was assuming. In the EU you basically get a "do you accept these cookies?" pop-up on every website the first time you visit.
