My country is starting to apply laws about privacy and cookies.
Is there a way to use the YouTube IFrame API without storing cookies?
This is a free script preventing iFrame cookies:
cookies-enabler
Here you get a list of free cookie law tools with features, pros and cons:
free cookie law tools
TLDR: Are Stripe cookies "essential" cookies that do not require consent?
As many of you may know, Stripe is a payment processor and they require that websites using their platform serve the users with their "stripe.js" which applies several cookies.
The cookies are used for tracking, so they sort of come under GDPR, but the tracking is for strictly necessary purposes (fraud prevention) so it sort of also doesn't come under GDPR.
Do I need to irritate users with an accept cookies banner for these Stripe cookies or not? I think it would impair functionality if they were not set, so I'm leaning towards "No, I don't need to ask".
We are creating video reviews in the review tool using the code here and everything used to work before (months back).
Now the only problem we are facing is loading the video on the review tool.
From the console, on Chrome, it says CORB blocked the response:
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://REDACTED.streaming.media.azure.net/REDACTED/ignite_c_c.ism/manifest with MIME type application/vnd.ms-sstr+xml. See https://www.chromestatus.com/feature/5629709824032768 for more details.
And I can see 0B responses,
And on Firefox,
But if you paste the same video manifest URL in the Azure Media Test Tool, it works fine there.
Any help to fix the video loading issue would be greatly appreciated.
If you say you were able to use the same without any changes months ago, maybe it is a browser update (unless you have updated endpoints or headers for cross-site access policies). Refer: Configure CDN profile
However, "CORB" referred to above seems similar to CORS (Cross Origin Resource Sharing).
It is an HTTP feature that enables a web application running under one
domain to access resources in another domain. In order to reduce the
possibility of cross-site scripting attacks, all modern web browsers
implement a security restriction known as same-origin policy. This
prevents a web page from calling APIs in a different domain. CORS
provides a secure way to allow one origin (the origin domain) to call
APIs in another origin.
CORS on Azure CDN will work automatically with no additional configuration. When you create a new account, default Streaming Endpoint Azure CDN integration is enabled by default. If you later want to disable/enable the CDN, your streaming endpoint must be in the stopped state. It could take up to two hours for the Azure CDN integration to get enabled and for the changes to be active across all the CDN POPs.
You might want to start using a wildcard (*) to set up the HTTP header, which disables CORS and allows any URL to access the CDN Endpoint.
Refer: Using Azure CDN with CORS
Caution: The Content Moderator Review tool is now deprecated and will be retired on 12/31/2021.
Video moderation enables detection of potential adult content in videos. The review tool internally calls the automated moderation APIs and presents the items for review right within your web browser.
There are multiple indications:
SameSite cookie flag error
No decoders for requested formats
CORB error
You can give this a try though:
Set the "SameSite by default cookies" flag value to Disabled in Chrome 80 and later versions.
In your Chrome browser session, go to chrome://flags/ and search for or find the flag "SameSite by default cookies".
Select Disabled.
The website uses embedded YouTube videos, SlideShares, and OpenTable widgets that become iframes. According to the new law about GDPR, we need to ask for the user's consent for tracking his activity. But how can I then use these components and at the same time disable the analytics that come automatically from these iframes?
It's very difficult to reconcile any kind of tracking with GDPR. If the frame you're loading does not provide privacy controls of its own, you would need to acquire the relevant consent before loading the iframe at all, which you can do via JavaScript loaded from your own site.
As a workaround, you could proxy the services and strip tracking cookies and scripts before they ever reach the end user. I've done this before.
The privacy-friendly approach is to not use services that track users in the first place, and then you have nothing to worry about. Sadly this is easier said than done, since the vast majority of such services' entire business model relies on tracking people.
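The consent-before-loading approach from the answer above, as an added example that is not part of the original post. The page ships placeholder `<div>` elements instead of `<iframe>` tags, and first-party script creates the iframe only for providers the user has accepted; the attribute names (`data-provider`, `data-embed-src`), the function names and the host allowlist are assumptions made for illustration.

```javascript
// Added example. Attribute names, function names and the allowlist are assumptions.
const ALLOWED_HOSTS = new Map([
  ['youtube', ['www.youtube.com', 'www.youtube-nocookie.com']],
  ['slideshare', ['www.slideshare.net']],
]);

// Return the normalized URL if `src` is https and on the provider's allowlist, else null.
function vetEmbedSrc(provider, src) {
  let url;
  try { url = new URL(src); } catch { return null; }
  const hosts = ALLOWED_HOSTS.get(provider) || [];
  if (url.protocol !== 'https:' || !hosts.includes(url.hostname)) return null;
  return url.href;
}

// Decide per placeholder what may happen. No network request is made here.
// placeholders: [{ provider, src }], consent: Set of accepted provider names.
function planEmbeds(placeholders, consent) {
  return placeholders.map(({ provider, src }) => {
    const vetted = vetEmbedSrc(provider, src);
    if (!vetted) return { provider, action: 'reject' };          // unknown or spoofed host
    if (!consent.has(provider)) return { provider, action: 'ask' }; // keep the placeholder
    return { provider, action: 'load', src: vetted };
  });
}

// Browser wiring: markup is <div data-provider="youtube" data-embed-src="https://...">,
// so the third party sees no request (and sets no cookie) until this runs.
function activateEmbeds(root, consent) {
  const nodes = Array.from(root.querySelectorAll('[data-embed-src]'));
  const wanted = nodes.map(n => ({ provider: n.dataset.provider, src: n.dataset.embedSrc }));
  planEmbeds(wanted, consent).forEach((step, i) => {
    if (step.action !== 'load') return;
    const frame = document.createElement('iframe');
    frame.referrerPolicy = 'no-referrer'; // do not leak the embedding page URL
    frame.src = step.src;
    nodes[i].replaceChildren(frame);
  });
}
```

Call `activateEmbeds(document, consentSet)` again whenever the stored consent changes; placeholders in the `ask` state stay inert until then.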
For the security of my website, is there any way I can distinguish between bots and human visitors on my website?
Not really. If a bot WANTS to be recognized as a bot, yes you can. Example: search engine bots, like Googlebot.
BUT it's extremely easy for a bot to identify itself as a normal browser; then you're stuck.
If you want a list of bots, here you go: http://www.robotstxt.org/db.html
The only way to do this might be to check for the User-Agent sent in the HTTP request by the current client.
Some bots do not specify any, or specify a specific one such as GoogleBot (Googlebot, Mozilla/5.0) or Baidu Spider.
There is also a list maintained by useragentstring which lists all the known user-agents used by various bots, automated scripts or browsers.
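What User-Agent inspection can and cannot establish, following the answers above, as an added example that is not from the original posts. It sorts access-log lines into self-declared bots, requests with no User-Agent, and browser-like requests that remain unverified because the header is client-controlled; the log lines are constructed samples and the function names and keyword pattern are assumptions.

```javascript
// Constructed sample lines in combined log format (documentation IP ranges).
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
  '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
  '192.0.2.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 900 "-" "-"',
  '192.0.2.44 - - [10/Oct/2023:13:56:09 +0000] "GET /pricing HTTP/1.1" 200 2048 "https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"',
];

// Keywords that self-identifying crawlers put in their User-Agent (assumed pattern).
const DECLARED_BOT = /bot\b|crawler|spider/i;

// The User-Agent is the last double-quoted field of a combined-format line.
function userAgentOf(line) {
  const m = line.match(/"([^"]*)"\s*$/);
  return m ? m[1] : null;
}

function classify(line) {
  const ua = userAgentOf(line);
  if (ua === null || ua === '' || ua === '-') return 'no-user-agent';
  if (DECLARED_BOT.test(ua)) return 'declared-bot';
  // A browser-like string proves nothing: any client can send it.
  return 'unverified';
}

// Count lines per class so the unverified share is visible at a glance.
function summarize(lines) {
  const counts = { 'declared-bot': 0, 'no-user-agent': 0, 'unverified': 0 };
  for (const line of lines) counts[classify(line)] += 1;
  return counts;
}

console.log(summarize(SAMPLE_LOG));
```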
I have recently been required to implement some Usage Tracking to a web-based Business Application. Basically what needs to be tracked is what pages in the application are being used and for how long users stay on those pages. The application is hosted on the internet and is HTML/JavaScript.
I could use Google Analytics to track page views, visits and browser capabilities, but is it secure enough to use for business applications?
Does anyone else use Google Analytics to track web-based business application usage? Or do you have some thoughts on this?
Also, I couldn't find anything from Google specifically stating whether this is a good or bad thing to do.
It depends what you want to be secure.
Gathered data, if you trust Google, is pretty secure.
However, Analytics data can be tampered with. Someone can read your Analytics ID from page source (or HTTP traffic) and submit fake pageviews, events, change custom variables, etc.