[FIX] website: prevent crash if unexpected cookies bar cookie value

With commit [1] we refactored the cookies bar to let the user decide if he wants to accept the cookies (and/or only part of it). Before that commit, the `website_cookies_bar` cookie could only hold `true` as value, which now is holding an object like `{"required": true, "optional": false}`. This creates an issue if a user is coming from a previous version with `true` as cookie value because since the refactoring it will crash both in JS and PY because `in` instruction with a boolean value will fail in both languages. The decision taken here is simply to remove the cookie if we face such a case so the user can decide again what he wants (since there is more choices now). It also means that we won't be holding an outdated value in the cookie any longer. [1]: https://github.com/odoo/odoo/commit/2cbda6c98ee947cea1d06c09880eee8c758304a8 opw-3074303 closes odoo/odoo#106476 Signed-off-by: Quentin Smetz (qsm) <qsm@odoo.com>

[FIX] website: prevent crash if unexpected cookies bar cookie value
22392755 · Romain Derie · 54ef19f4 · 22392755 · 22392755
Commit 22392755 authored 2 years ago by Romain Derie
--- a/addons/website/models/ir_http.py
+++ b/addons/website/models/ir_http.py
@@ -394,6 +394,13 @@ class Http(models.AbstractModel):
                # Cookies bar is disabled on this website
                return True
            accepted_cookie_types = json_scriptsafe.loads(request.httprequest.cookies.get('website_cookies_bar', '{}'))
+
+            # pre-16.0 compatibility, `website_cookies_bar` was `"true"`.
+            # In that case we delete that cookie and let the user choose again.
+            if not isinstance(accepted_cookie_types, dict):
+                request.future_response.set_cookie('website_cookies_bar', expires=0, max_age=0)
+                return False
+
            if 'optional' in accepted_cookie_types:
                return accepted_cookie_types['optional']
            return False

--- a/addons/website/static/src/js/http_cookie.js
+++ b/addons/website/static/src/js/http_cookie.js
@@ -11,6 +11,14 @@ cookieUtils.isAllowedCookie = (type) => {
            return true;
        }
        const consents = JSON.parse(cookieUtils.getCookie('website_cookies_bar') || '{}');
+
+        // pre-16.0 compatibility, `website_cookies_bar` was `"true"`.
+        // In that case we delete that cookie and let the user choose again.
+        if (typeof consents !== 'object') {
+            cookieUtils.deleteCookie('website_cookies_bar');
+            return false;
+        }
+
        if ('optional' in consents) {
            return consents['optional'];
        }