From 0ce5b3610d34ad3a1809df534e926e70f1a03808 Mon Sep 17 00:00:00 2001
From: Collyn Philleo <collyn.philleo@automattic.com>
Date: Fri, 26 Apr 2019 16:08:18 -0700
Subject: [PATCH] Add option to set the cookie domain

---
 README.md                           |  1 +
 docs/src/docs/03-configuration.adoc |  1 +
 src/scripts/core/core_config.js     |  4 ++++
 src/scripts/core/core_constants.js  |  1 +
 src/scripts/core/core_cookies.js    | 11 ++++++-----
 5 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 2d27777e..d8ec6659 100755
--- a/README.md
+++ b/README.md
@@ -151,6 +151,7 @@ For detailed explanations, please visit the [documentation](https://oil.axelspri
 | advanced_settings | Replaces the No Button with an advanced settings button, displaying the Cookie Preference Center. The CPC enables the user to choose their own level of privacy. These settings are stored in the oil cookie (both SOI and POI) as well. | False
 | advanced_settings_purposes_default | All purposes in the advanced settings layer should be activated by default | false
 | config_version | Specifies the version of your OIL configuration. It will be stored with the consent cookie to track which explicit configuration version consent was granted for.| None
+| cookie_domain | Specifies the domain to write the cookie to.  Can be used to set the cookie on a valid parent domain: e.g sub.example.com -> .example.com. | Current hostname
 | cookie_expires_in_days | Value in days until the domain cookie used to save the users decision in days | 31
 | cpc_type | Specifies the type (the layout) of the Cookie Preference Center. Currently, two types are supported: 'standard' and 'tabs'. Depending on this parameter additional label configuration may be necessary. See section <<Full Label Configuration>> for details. | standard
 | customPurposes | Array of custom purposes defined by publisher. IDs for custom purposes may range from 25-88. | None
diff --git a/docs/src/docs/03-configuration.adoc b/docs/src/docs/03-configuration.adoc
index e8454f2f..ba4a3d31 100644
--- a/docs/src/docs/03-configuration.adoc
+++ b/docs/src/docs/03-configuration.adoc
@@ -120,6 +120,7 @@ This is a full list of configurable options.
 | advanced_settings_purposes_default | All purposes in the advanced settings layer should be activated by default | false
 | config_version | Specifies the version of your OIL configuration. It will be stored with the consent cookie to track which explicit configuration version consent was granted for.| None
 | cookie_expires_in_days | Value in days until the domain cookie used to save the users decision in days | 31
+| cookie_domain | Specifies the domain to write the cookie to.  Can be used to set the cookie on a valid parent domain: e.g sub.example.com -> .example.com. | Current hostname
 | cpc_type | Specifies the type (the layout) of the Cookie Preference Center. Currently, two types are supported: 'standard' and 'tabs'. Depending on this parameter additional label configuration may be necessary. See section <<Full Label Configuration>> for details. | standard
 | customPurposes | Array of custom purposes defined by publisher. IDs for custom purposes may range from 25-88. | None
 | customVendorListUrl | Custom vendor list ('non IAB vendors') to use, will be loaded at the same time as the iabVendorList. | None
diff --git a/src/scripts/core/core_config.js b/src/scripts/core/core_config.js
index b8a93fb8..a3e0445f 100644
--- a/src/scripts/core/core_config.js
+++ b/src/scripts/core/core_config.js
@@ -173,6 +173,10 @@ export function getCookieExpireInDays() {
   return getConfigValue(OIL_CONFIG.ATTR_COOKIE_EXPIRES_IN_DAYS, 31);
 }
 
+export function getCookieDomain() {
+  return getConfigValue(OIL_CONFIG.ATTR_COOKIE_DOMAIN, '');
+}
+
 export function getLocaleVariantName() {
   const defaultLocaleId = 'enEN_01';
   let localeVariantName = getLocale();
diff --git a/src/scripts/core/core_constants.js b/src/scripts/core/core_constants.js
index 75d06527..fbc9d7c0 100644
--- a/src/scripts/core/core_constants.js
+++ b/src/scripts/core/core_constants.js
@@ -13,6 +13,7 @@ export const OIL_CONFIG = {
   ATTR_HUB_LOCATION: 'poi_hub_location', // complete hub location, gets generated
   ATTR_PREVIEW_MODE: 'preview_mode',
   ATTR_COOKIE_EXPIRES_IN_DAYS: 'cookie_expires_in_days',
+  ATTR_COOKIE_DOMAIN: 'cookie_domain',
   ATTR_TIMESTAMP: 'timestamp',
   ATTR_PRIVACY_PAGE_URL: 'privacy_page_url',
   ATTR_POI_GROUP_NAME: 'poi_group_name',
diff --git a/src/scripts/core/core_cookies.js b/src/scripts/core/core_cookies.js
index 3b5a7a64..6cf398bc 100644
--- a/src/scripts/core/core_cookies.js
+++ b/src/scripts/core/core_cookies.js
@@ -1,6 +1,6 @@
 import Cookie from 'js-cookie';
 import { logInfo } from './core_log';
-import { getConfigVersion, getCookieExpireInDays, getCustomPurposes, getDefaultToOptin, getLanguage, getLanguageFromLocale, getLocaleVariantName } from './core_config';
+import { getConfigVersion, getCookieExpireInDays, getCookieDomain, getCustomPurposes, getDefaultToOptin, getLanguage, getLanguageFromLocale, getLocaleVariantName } from './core_config';
 import { getLocaleVariantVersion } from './core_utils';
 import { OIL_CONFIG_DEFAULT_VERSION, OIL_SPEC } from './core_constants';
 import { getCustomVendorListVersion, getLimitedVendorIds, getPurposes, getVendorList, loadVendorListAndCustomVendorList } from './core_vendor_lists';
@@ -18,10 +18,10 @@ export function setSessionCookie(name, value) {
   Cookie.set(name, value);
 }
 
-export function setDomainCookie(name, value, expires_in_days) {
+export function setDomainCookie(name, value, expires_in_days, domain) {
   // decoded consent data must not be written to the cookie
   delete value.consentData;
-  Cookie.set(name, value, {expires: expires_in_days});
+  Cookie.set(name, value, {expires: expires_in_days, domain: domain});
 }
 
 export function getOilCookie(cookieConfig) {
@@ -84,7 +84,7 @@ export function setSoiCookieWithPoiCookieData(poiCookieJson) {
         consentString: consentString,
         configVersion: configVersion
       };
-      setDomainCookie(cookieConfig.name, cookie, cookieConfig.expires);
+      setDomainCookie(cookieConfig.name, cookie, cookieConfig.expires, cookieConfig.domain);
       resolve(cookie);
     }).catch(error => reject(error));
   });
@@ -115,7 +115,7 @@ export function buildSoiCookie(privacySettings) {
 export function setSoiCookie(privacySettings) {
   return new Promise((resolve, reject) => {
     buildSoiCookie(privacySettings).then((cookie) => {
-      setDomainCookie(OIL_DOMAIN_COOKIE_NAME, cookie, getCookieExpireInDays());
+      setDomainCookie(OIL_DOMAIN_COOKIE_NAME, cookie, getCookieExpireInDays(), getCookieDomain());
       resolve(cookie);
     }).catch(error => reject(error));
   });
@@ -257,6 +257,7 @@ function getOilCookieConfig() {
   return {
     name: OIL_DOMAIN_COOKIE_NAME,
     expires: getCookieExpireInDays(),
+    domain: getCookieDomain(),
     defaultCookieContent: {
       opt_in: false,
       version: OilVersion.get(),