fix(inline): four small bugs around the inline-consent flow#484
Merged
skerbis merged 6 commits intoJun 12, 2026
Merged
Conversation
InlineConsent::renderPlaceholderHTML() passes both via setVar() but the fragment template only retrieves $service/$options/$content via getVar() — $consentId and $serviceKey were used as bare variables and ended up undefined. With display_errors on this produces PHP warnings inside the data-consent-id attribute which breaks the inline JS that reads that attribute.
setCookieData() wrote 'consent_manager' (with underscore) while getStorageValue() and all other reads use 'consentmanager' (no underscore). Result: the consent cookie is never found again after reload — the inline placeholder reappears every page load even when the user has clicked "Allow all". Also adds a one-time cleanup for the legacy underscore cookie so users who hit the bug don't see two cookies.
docs/inline.md lists 'css_class' as a supported option (line 504, 565, 569, 741 with an example) but no code path uses it. This appends the value as an extra class on the outer .consent-inline-container element so users can theme individual placeholders as the docs already promise.
The default --consent-overlay-max-width: 90% (95% on mobile) leaves the underlying thumbnail visible at the edges, which looks broken in 16:9 video wrappers and similar aspect-ratio-locked containers. There is no backend setting or theme_editor field to change this — the value is hardcoded in CSS. Set the default to 100%. Users who want inset spacing can use the existing --consent-overlay-padding variable instead.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR targets multiple small issues in the inline-consent flow of the REDAXO Consent Manager AddOn, improving placeholder rendering, persistence of inline consent decisions, and default overlay styling.
Changes:
inline_placeholder.php: initializeconsentId/serviceKeyvia fragment vars and add support for a documentedcss_classoption on the outer container.consent_inline.js: fix the cookie name mismatch by writingconsentmanager(and attempt to clean up the legacyconsent_managercookie).consent_inline.css: change the default overlay max width to100%(desktop + mobile) so the overlay fully covers the placeholder.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| fragments/ConsentManager/inline_placeholder.php | Initializes missing fragment vars and applies optional extra CSS class for theming. |
| assets/consent_inline.js | Writes the inline-consent cookie under the correct name and adds legacy-cookie cleanup logic. |
| assets/consent_inline.css | Updates default overlay sizing variable to avoid visible “thumbnail peeking” at the sides. |
Address review comment: $this->getVar('consentId', uniqid(...))
evaluates uniqid() on every render because PHP evaluates default
arguments eagerly. Fetch the var first, only generate a fallback id
when it's actually missing. Avoids unused id allocations and makes
placeholder ids easier to follow when debugging.
Address review comment: the previous patch only cleaned the legacy 'consent_manager' cookie on write. Users who already hit the bug would still see the placeholder once after the update — until they re-consent, at which point the write-side cleanup would kick in. Now getStorageValue() falls back to the legacy cookie name when 'consentmanager' is missing, copies the value over, and expires the legacy cookie — so the consent state is preserved across the update without an extra user click.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes four issues I hit when integrating the inline consent flow
in a customer project on REDAXO 5.20.
Each commit is independent and can be cherry-picked.
1.
inline_placeholder.php—$consentId/$serviceKeynever initializedInlineConsent::renderPlaceholderHTML()passes both via$fragment->setVar()but the template only retrieves
$service,$options,$placeholderDataand
$contentvia$this->getVar().$consentIdand$serviceKeyareused as bare variables (lines 58, 105 etc.) — REDAXO
rex_fragmentdoesn't
extract()set vars, so both arenull. Withdisplay_errorson this produces PHP warnings inside the
data-consent-idattribute,which breaks the JS that reads that attribute.
2.
consent_inline.jscookie name mismatchsetCookieData()writes the cookie asconsent_manager=…(withunderscore). All read paths (
getStorageValue,getCookie('…'),sessionStorage.getItem) useconsentmanager(no underscore).Result: the consent cookie is set but never found again after reload —
the inline placeholder reappears every page load even when the user
already accepted.
This commit fixes the write name and also cleans up the old
underscore cookie so users who already hit the bug don't end up with
two stale cookies.
3. Documented
css_classoption is not implementeddocs/inline.mdlists'css_class'as a supported option (line 504,565, 569, 741, with an example
'consent-theme-minimal') butgrep -r css_class lib/ fragments/returns no hits. The option issilently dropped.
This commit appends the option value as an extra class on the outer
.consent-inline-containerelement so users can theme individualplaceholders the way the docs already promise.
4. Default
--consent-overlay-max-width: 90%makes the overlay not cover the placeholderThe placeholder defines
--consent-overlay-max-width: 90%(95% onmobile) on
.consent-inline-placeholder, and.consent-inline-overlayconsumes it as
max-width: var(--consent-overlay-max-width). In awrapping container with a locked aspect-ratio (e.g. a 16:9 video box),
the overlay stays 10% narrower than the thumbnail behind it — the
thumbnail peeks out at the sides and the placeholder looks broken.
There is no backend setting or
theme_editorfield for this. Overridingthe variable from a wrapper element doesn't work because the var is
re-declared on the placeholder (a descendant), so the wrapper-level
value never reaches the overlay.
This commit sets the default to
100%. Users who want inset spacingcan use the existing
--consent-overlay-paddingvariable instead.Tested against v5.6.6 in a live customer project. Happy to split into
separate PRs if you'd prefer.