Bug 220901

Summary: [GTK] Usercentrics overlay blocks usage of multiple websites
Product: WebKit Reporter: Peter <peter.weber>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, bugs-noreply, jan.brummer, mcatanzaro, simon.fraser, smoley, zalan
Priority: P2 Keywords: DoNotImportToRadar, Gtk
Version: Other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
commerzbank.de none

Description Peter 2021-01-24 13:04:44 PST 
Hello!
For approximately one year I noticed that various websites are not usable because they load some sort of consent statement regarding cookies[1] or the GDPR. The websites show a transparent layer above the content - which prevents actual usage - and fail to show the usual buttons "OK" or "EVEN MORE COOKIES".

Examples:
German state of Bavaria - Corona regulations https://www.gesetze-bayern.de/Content/Document/BayEQV/true
Mey - Underwear manufacturer - https://www.mey.com/de/
Commerzbank - Bank https://www.commerzbank.de/

Example screeshot, with web-inspector open:
https://i.imgur.com/P9nu1sx.png

With the web-inspector, I'm able to hide the `div` element with the id `usercentrics-button` and access the website. Sadly I don't know what technically goes wrong. I noticed that Usercentrics GmbH [2] in Germany is providing this. It looks like Usercentrics GmbH figured out a way of making money off the consent dialogs. Just follow their customer list and you will find probably many broken websites. Maybe this JavaScript [3] includes the cause? 

Another prominent user of this is the Heise Verlag [4] but there it seems to work as desired. And the Heise Verlag uses another another JavaScript [5] file.

I'm running Archlinux with epiphany "3.38.2-1" and webkit2gtk "2.30.4-3".

Thank you


[1] Dear politicians. You tried to protect us and improve the web but you made it even worse.
[2] https://usercentrics.com
[3] https://app.usercentrics.eu/latest/main.js
[4] https://www.heise.de/
[5] https://app.usercentrics.eu/browser-ui/latest/bundle.js
Comment 1 Alexey Proskuryakov 2021-01-24 17:21:01 PST 
Created attachment 418246 [details]
commerzbank.de

I cannot reproduce this on commerzbank.de, the buttons are present (see screenshot).
Comment 2 Alexey Proskuryakov 2021-01-24 17:21:32 PST 
I'm using Safari, to be clear.
Comment 3 Jan-Michael Brummer 2021-01-25 04:21:10 PST 
Note: As soon as cookie storage for websites is disabled (web tracking), pages are working fine.
Comment 4 Michael Catanzaro 2021-01-25 09:01:09 PST 
With WebKitGTK 2.31.1, I was able to reproduce this on all of the affected websites yesterday, but today they all work fine. Odd.
Comment 5 Peter 2021-01-26 01:38:04 PST 
Jan-Michael is right. I can confirm that turning of support for Cookies bypasses the issue:

1.) Hamburger-Menu from CSD (Window-Frame)
2.) Preferences
3.) Tab Privacy
4.) Turn off "Website Data Storage"

I had the hope that the privacy window has the same effect but that doesn't worked out. I'm sorry that I didn't mentioned in the title that this is specific to WebKit2Gtk.

The websites remain here broken with the stable release when I visit them multiple times. Maybe some other issue around caching or internal state in the development release?
Comment 6 Peter 2024-03-04 07:17:13 PST 
Seems to work now on most sites I remember using this.