WordPress.org

Make WordPress Core

Opened 5 weeks ago

Last modified 25 hours ago

#44373 reopened enhancement

Add a privacy setting to disable comment cookie consent

Reported by: mirkoschubert Owned by: azaozz
Milestone: 4.9.8 Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: needs-patch
Focuses: ui, administration, privacy Cc:

Description

The administrator of the WordPress site should have a way to disable saving commenter cookies and the comment cookie consent checkbox for non-logged-in users completely.

Explanation: Storing Cookies to remember some fields of the comment form isn't particularly necessary. Since the GDPR has a concept of data reduction and data economy, many administrators may decide to pass on this feature in order to save less cookies.

Attachments (1)

44373.patch (5.3 KB) - added by azaozz 4 weeks ago.

Download all attachments as: .zip

Change History (17)

#1 @desrosj
4 weeks ago

  • Summary changed from GDPR: Add a privacy setting to disable comment cookie consent to Add a privacy setting to disable comment cookie consent

#2 @azaozz
4 weeks ago

Actually at the moment there doesn't seem to be a requirement to have cookies consent for non-tracking cookies. In that terms I agree that showing the "comment cookies opt-in checkbox" in the comments form should be optional.

This is also somewhat related to #43857. Commenter cookies are sometimes used to give feedback to the commenter, usually showing the comment only to the commenter when it is still awaiting moderation. After #43857 gets is, they will not be needed for that any more.

Last edited 4 weeks ago by azaozz (previous) (diff)

@azaozz
4 weeks ago

#3 @azaozz
4 weeks ago

  • Milestone changed from Awaiting Review to 4.9.7

In 44373.patch: add a checkbox to the Settings -> Discussion screen for disabling/enabling of showing the commenter cookies opt-in checkbox in the comment form.

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


4 weeks ago

#5 @desrosj
4 weeks ago

  • Keywords has-patch added

#6 @ocean90
2 weeks ago

  • Milestone changed from 4.9.7 to 4.9.8

4.9.7 has been released, moving to next milestone.

This ticket was mentioned in Slack in #core by jon_bossenger. View the logs.


13 days ago

#8 @pbiron
13 days ago

  • Keywords needs-testing reporter-feedback added

This ticket was mentioned in Slack in #core by joshuawold. View the logs.


10 days ago

#10 @azaozz
5 days ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 43469:

Privacy: Add a setting to disable comment cookie consent.

Fixes #44373.

#11 @azaozz
5 days ago

  • Keywords fixed-major added; needs-testing reporter-feedback removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopen for 4.9.8.

#12 @azaozz
5 days ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 43470:

Privacy: Add a setting to disable comment cookie consent.

Merges [43469] to the 4.9 branch.
Fixes #44373.

#13 @ocean90
5 days ago

Unless I'm missing something, that commit message should have been "Add a setting to enable comment cookie consent." as it's now off by default, even for existing installs which will update to the next version.

When people updated to 4.9.6 they suddenly had the checkbox. Some of them were probably happy about it, now, after updating to 4.9.8, the checkbox will disappear without further notice. Is that really the expected behaviour?
If something is off by default, don't we have to question ourselves why it's still part of core?

#14 @SergeyBiryukov
3 days ago

  • Keywords 2nd-opinion added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening to address comment:13.

Seems like the show_comments_cookies_opt_in option introduced in [43469] should be enabled by default.

#15 @SergeyBiryukov
3 days ago

This also affects the unit test in #44126.

#16 @johnbillion
25 hours ago

  • Keywords needs-patch added; has-patch fixed-major 2nd-opinion removed

This commit didn't address the original report in this ticket either.

The administrator of the WordPress site should have a way to disable saving commenter cookies and the comment cookie consent checkbox for non-logged-in users completely.

Note: See TracTickets for help on using tickets.