Bug 220901

Summary: [GTK] Usercentrics overlay blocks usage of multiple websites
Product: WebKit Reporter: Peter <peter.weber>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, bugs-noreply, jan.brummer, mcatanzaro, simon.fraser, smoley, zalan
Priority: P2 Keywords: DoNotImportToRadar, Gtk
Version: Other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
commerzbank.de none

Peter
Reported 2021-01-24 13:04:44 PST
Hello! For approximately one year I noticed that various websites are not usable because they load some sort of consent statement regarding cookies[1] or the GDPR. The websites show a transparent layer above the content - which prevents actual usage - and fail to show the usual buttons "OK" or "EVEN MORE COOKIES". Examples: German state of Bavaria - Corona regulations https://www.gesetze-bayern.de/Content/Document/BayEQV/true Mey - Underwear manufacturer - https://www.mey.com/de/ Commerzbank - Bank https://www.commerzbank.de/ Example screeshot, with web-inspector open: https://i.imgur.com/P9nu1sx.png With the web-inspector, I'm able to hide the `div` element with the id `usercentrics-button` and access the website. Sadly I don't know what technically goes wrong. I noticed that Usercentrics GmbH [2] in Germany is providing this. It looks like Usercentrics GmbH figured out a way of making money off the consent dialogs. Just follow their customer list and you will find probably many broken websites. Maybe this JavaScript [3] includes the cause? Another prominent user of this is the Heise Verlag [4] but there it seems to work as desired. And the Heise Verlag uses another another JavaScript [5] file. I'm running Archlinux with epiphany "3.38.2-1" and webkit2gtk "2.30.4-3". Thank you [1] Dear politicians. You tried to protect us and improve the web but you made it even worse. [2] https://usercentrics.com [3] https://app.usercentrics.eu/latest/main.js [4] https://www.heise.de/ [5] https://app.usercentrics.eu/browser-ui/latest/bundle.js
Attachments
commerzbank.de (1.48 MB, image/png)
2021-01-24 17:21 PST, Alexey Proskuryakov 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2021-01-24 17:21:01 PST
Created attachment 418246 [details] commerzbank.de I cannot reproduce this on commerzbank.de, the buttons are present (see screenshot).
Alexey Proskuryakov
Comment 2 2021-01-24 17:21:32 PST
I'm using Safari, to be clear.
Jan-Michael Brummer
Comment 3 2021-01-25 04:21:10 PST
Note: As soon as cookie storage for websites is disabled (web tracking), pages are working fine.
Michael Catanzaro
Comment 4 2021-01-25 09:01:09 PST
With WebKitGTK 2.31.1, I was able to reproduce this on all of the affected websites yesterday, but today they all work fine. Odd.
Peter
Comment 5 2021-01-26 01:38:04 PST
Jan-Michael is right. I can confirm that turning of support for Cookies bypasses the issue: 1.) Hamburger-Menu from CSD (Window-Frame) 2.) Preferences 3.) Tab Privacy 4.) Turn off "Website Data Storage" I had the hope that the privacy window has the same effect but that doesn't worked out. I'm sorry that I didn't mentioned in the title that this is specific to WebKit2Gtk. The websites remain here broken with the stable release when I visit them multiple times. Maybe some other issue around caching or internal state in the development release?
Peter
Comment 6 2024-03-04 07:17:13 PST
Seems to work now on most sites I remember using this.
Note You need to log in before you can comment on or make changes to this bug.