Skip to content

Feat/script Blocker#31

Merged
jasperf merged 4 commits into
mainfrom
feat/script-blocker
May 30, 2026
Merged

Feat/script Blocker#31
jasperf merged 4 commits into
mainfrom
feat/script-blocker

Conversation

@jasperf

@jasperf jasperf commented May 30, 2026

Copy link
Copy Markdown
Contributor

This release (v2.1.0) strengthens the plugin's out-of-the-box cookie handling by expanding the necessary cookie defaults and improving analytics script blocking behavior. The necessary category now ships with a comprehensive set of WordPress core and WooCommerce cookies pre-configured, reducing manual setup for the most common WordPress deployments. Analytics script blocking has been tightened so scripts are suppressed before consent is granted, and the sbjs_* (SourceBuster.js) cookies have been moved from necessary to the analytics category, where they belong semantically. Version metadata has been updated across all canonical locations: the plugin header, WARDER_VERSION constant, package.json, readme.txt, and CHANGELOG.md.

Cookie Defaults and Categorization:

  • inc/defaults.php now includes WordPress core cookies (wordpress_*, wp-settings-*, comment_author_*) and WooCommerce cookies (woocommerce_*, wc_*) in the necessary category defaults, eliminating manual configuration for standard WordPress and WooCommerce sites.
  • sbjs_* cookies have been relocated from the necessary category to the analytics category, correcting a semantic misclassification since these cookies are used for traffic source attribution rather than core site functionality.

Script Blocking and Frontend Behavior:

  • inc/frontend.php has been updated to ensure analytics scripts are blocked prior to consent being recorded, closing a gap where scripts could execute before the user's preference was captured.
  • This change aligns the plugin's script blocking behavior with the intent of the page_scripts setting and the vanilla-cookieconsent library's category-based blocking mechanism.

Versioning and Release Metadata:

  • The version has been incremented to 2.1.0 across all canonical locations: the Version: header and WARDER_VERSION constant in warder-cookie-consent.php, package.json, readme.txt (stable tag, changelog, and upgrade notice), and CHANGELOG.md.

Files Changed:

jasperf added 4 commits May 30, 2026 10:44
…gory

- Add script_loader_tag filter to block sourcebuster-js, wc-order-attribution,
  and wp_slimstat until analytics consent is given (type=text/plain +
  data-category attribute; vanilla-cookieconsent re-enables on accept)
- Move sbjs_* autoClear from necessary to analytics — these are WooCommerce
  traffic-source tracking cookies, not essential cookies; placing them in
  necessary meant they could never be cleared on rejection
- Expose warder_blocked_scripts filter for site-specific overrides
Documents the cookies that are genuinely essential so they appear
correctly in the admin cookie table and are never auto-cleared:
- cc_cookie (consent record)
- wordpress_logged_in_*, wordpress_sec_*, wordpress_test_cookie (auth)
- wp-settings-* (admin bar / customizer state)
- wp_woocommerce_session_*, woocommerce_cart_hash,
  woocommerce_items_in_cart, woocommerce_recently_viewed (cart/session)
- PHPSESSID (PHP session)
@jasperf
jasperf merged commit 3a733c4 into main May 30, 2026
2 checks passed
@jasperf
jasperf deleted the feat/script-blocker branch May 30, 2026 04:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant