[Feat]: Allow leaving out Domain in CookieConsent cookie #793
Description
Description
Currently, CookieConsent will ALWAYS (except on localhost) set the ;Domain=... attribute on the cc_cookie cookie it creates to store preferences.
However, according to MDN, leaving out ;Domain=... when creating the cookie has a different behavior than explicitly setting the ;Domain=... attribute to f.e. window.location.hostname:
"If not specified, this defaults to the host portion of the current document location and the cookie is not available on subdomains. If a domain is specified, subdomains are always included. Contrary to earlier specifications, leading dots in domain names are ignored, but browsers may decline to set the cookie containing such dots."
What I would like is that the cookie is only available on my root domain, NOT it's subdomains. However, this is currently not possible since I cannot prevent ;Domain=... from being specified...
Please add a way to prevent CookieConsent from specifying ;Domain=... when creating it's cookie.
Proposed solution
Maybe, when cookie.domain is null, it will explicitly leave it out:
CookieConsent.run({
cookie: {
domain: null, // Don't set `;Domain=...`
// ...
},
// ...
});Or, use an extra config key, like cookie.omitDomain:
CookieConsent.run({
cookie: {
omitDomain: true, // Don't set `;Domain=...`
// ...
},
// ...
});Additional details
Here is the code which always adds the ;Domain=... attribute to the cookie:
cookieconsent/src/utils/cookies.js
Line 268 in c3882de