Support » Plugin: WooCommerce » Woocommerce is not GDPR compliant

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Michael

    (@mikkamp)

    Automattic Happiness Engineer

    Hi there,

    Thanks for bringing up concerns on a previous topic. However would you be able to clarify which section of that support thread hasn’t been resolved / addressed.

    Initially WooCommerce was saving the cookie when the hook “wp_loaded” was triggered. That means it would also be triggered on any frontend requests. So in WooCommerce 3.6.5 this was changed to use the hook “admin_init” instead.

    By default the hook “admin_init” should be called only when admin pages are viewed. However if we look at the documentation for this hook it mentions a few other cases when it’s called: https://codex.wordpress.org/Plugin_API/Action_Reference/admin_init

    In particular it’s called for “admin-ajax.php”. This is explained a bit more in the following documentation: https://codex.wordpress.org/AJAX_in_Plugins#Ajax_on_the_Viewer-Facing_Side

    WooCommerce itself doesn’t use any of these AJAX calls as it has it’s own method of handling frontend AJAX calls. So I’m able to confirm that with just WooCommerce and Storefront as a theme the cookie “tk_ai” does not get set for any customers when viewing the frontend of the site.

    However it is still possible that other parts of the site are still using AJAX requests which might trigger the hook “admin_init”. It would be helpful if you could point to an example where this is still happening.
    Is there a chance that there are any theme / plugin calls on your site which still triggers this?

    If you feel that WooCommerce should handle this tracking code differently then it might be best to report this directly in GitHub so the developers can have a look at how this should be changed. In that case it would be best to do so at the following location: https://github.com/woocommerce/woocommerce/issues/new/choose

    Thread Starter webformation

    (@webformation)

    Hello Michael and thankyou for your reply.

    On reading the topic noted above you will find a list of unhappy customers who have discovered that tracking cookies are being placed on their users. there is no explanation what you do with said cookie information to pass on as demanded by GDPR therefore we and by inference Woocommerce are in breech of EU law.

    In my instance yes wp-admin/admin-ajax.php is triggered and the cookie is placed on a user: such as : set-cookie tk_ai=woo%3AC0HyZdXdkK6x3W8vq6vRlnw1; path=/

    I suggest anyone else reading this goes to gtmetrix or webpagetest, take a look at their waterfall (you can’t miss it look for the big bar slowing things down). yoursite/wp-admin/admin-ajax.php click on this and let us know if it is the same for you please?

    As to Github, its beyond my pay grade, but there are others on the previous topic who have developed a work around etc. Maybe pop in there Michael, go to the 2nd page and reply to Kero….. I am sure he would be delighted 🙂
    Thanks for your attention, I look forward to hearing what others experiences are and hopefully together getting this fixed.

    Plugin Support Michael

    (@mikkamp)

    Automattic Happiness Engineer

    Hi,

    Thanks for the clarification. That does seem to confirm the theory that the cookie is still being set on AJAX requests which are made by other parts of the site.

    I went ahead and logged this as an issue in GitHub. If you would like to follow along you can so here: https://github.com/woocommerce/woocommerce/issues/24792

    Feel free to add any additional information there.

    Thread Starter webformation

    (@webformation)

    Thankyou Michael for taking the time to research this.
    I will keep an eye on Github to see the outcome.
    A Gold star to you for your professionalism.
    Kind Regards

    Thread Starter webformation

    (@webformation)

    Hello again Michael,

    This bug is being addressesed on github now and a temporary fix has been offered.
    thanks again for instigating the action with the developers.

    We still have this cookie being served on our home page to users and extending our fully load time by 2 seconds +

    On trying the fix it broke our site.

    https://github.com/woocommerce/woocommerce/pull/24798/files/e22a024473352facdff59394b2aa43e4951f8060

    I should hope we have done something incorrectly. Would it be possible to give us a simple dummies guide how to apply this fix?

    Kind Regards,

    Thread Starter webformation

    (@webformation)

    UPDATE

    phew it does work… (we must have cut and paste incorrectly) no more cookies served on the front end 🙂

    Plugin Support Michael

    (@mikkamp)

    Automattic Happiness Engineer

    Hi,

    Thanks for the update, glad to hear it’s all working correctly for you now. Since the issue has already been resolved in GitHub (it’s just pending a release in WooCommerce 3.9), I’ll go ahead and mark this thread as resolved.

    Feel free to open a new one if there are any other issues you are still seeing.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Woocommerce is not GDPR compliant’ is closed to new replies.