From 6c2af9e6964aafaec55a79c502a58eee452282fc Mon Sep 17 00:00:00 2001 From: Tom Byers Date: Thu, 23 Jan 2020 12:07:18 +0000 Subject: [PATCH] Set cookie on document host by removing domain Cookies using the hostname as a domain will be set with a prefix of `.` by browsers, it seems to ensure all subdomains are included in the scope. When deleting the `seen_cookie_message` cookie we want to set its domain without a `.` prefix, to match the domain set by the original code. Leaving the `domain` attribute out from the cookie string will ensure the `.` prefix is not set. --- app/assets/javascripts/cookieMessage.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/assets/javascripts/cookieMessage.js b/app/assets/javascripts/cookieMessage.js index 1ce760bfc..e6419bd35 100644 --- a/app/assets/javascripts/cookieMessage.js +++ b/app/assets/javascripts/cookieMessage.js @@ -9,7 +9,7 @@ window.GOVUK.Modules = window.GOVUK.Modules || {}; // clear old cookie set by our previous JS, set on the www domain if (window.GOVUK.cookie('seen_cookie_message')) { - document.cookie = 'seen_cookie_message=;expires=' + new Date() + ';domain=' + window.location.hostname + ';path=/'; + document.cookie = 'seen_cookie_message=;expires=' + new Date() + ';path=/'; } if (consent === null) {