fix: do not store anonymous token in cookie when user has opted out #233
Conversation
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit b13c0ac:
|
ghost
requested review from
francoischalifour and
shortcuts
and removed request for
a team
eunjae-lee
requested review from
tkrugg and
Haroenv
and removed request for
shortcuts
|
I think it makes sense, although we might need to change opt out to opt in in the next major |
|
From my perspective, this does not break any feature because the library does nothing with the content of the cookie when passed |
Hey @tkrugg , this cookie is still read by InstantSearch with Insights (but not written). By the way, we need to think a little more about InstantSearch side, because so far we already assumed we always have a token because of anonymous user token. However now there could be really nothing, meaning hasUserOptedOut: true will make a hole. We should prevent events being sent with no token and alert the devs via warning messages and docs. Does it make sense? @Haroenv @francoischalifour @tkrugg |
|
yes, we should not send when there's no user token, nor anonymous one and error in development for that case |
|
@eunjae-lee Makes sense to me. |
Hey @eunjae-lee this isn't quite clear to me yet. FYI documentation is being updated to reflect this change here: algolia/doc#5053. |
|
@tkrugg oh you're right 🤦🏻♂️ Thank you! |
Summary
This PR follows
userHasOptedOuta step further.Even with
userHasOptedOut: true, search-insights created anonymous user token and stored it in the cookie, which is totally not used at all. (I'm not talking about the possibility of that customers could've read that cookie directly for some reason)In my opinion, this shouldn't be treated as a breaking change. What do you think?
ps. I put the people I recently talked about this with as reviewers.