Disable io.prismic.preview cookie for visitors

I've noticed that including the PrismicPreview component wrapper in NextJs causes the io.prismic.preview cookie to be written for every visitor rather than just the ones that would be previewing data.

The cookie is empty but I'm getting around 20 of them set as around 7 get set for each domain as it goes up the sub domain tree for the sites domain and the prismic repos domain.

A request to .prismic.io/prismic-toolbar/4.0.9/iframe.html also appears to be being triggered despite not being in preview mode.

Is there any way to turn this off as it also bypasses cookie consent plugins?

Hello @tim5,

After testing, I couldn't reproduce this issue with any of the browsers. Can you share more details like your browser settings, steps to reproduce the issue, and codebase as a zip file or a git repository so I can debug and provide assistance?

Thanks,
Racheal.

I've created an example following the setup instructions for NextJs. This is just a NextJs site configured with Prismic as per Set up Prismic with Next.js - Documentation - Prismic and then deployed to Netlify.

In Edge (regular and in private window) I can see 25 cookies being set all of which are for io.prismic.preview.

Example code base: GitHub - LabDigital/PrismicPreviewCookie
Example site: https://merry-belekoy-94d4f7.netlify.app/

Any update on this @racheal.orukele

Hello @tim5,

My apologies for my late response.

Preview data only appears for logged-in users on the browser; the preview script checks if users are logged in; if not, nothing is done, and nothing is stored in the user's browser.

This is what I experienced testing out the preview feature:

  • When in preview mode, there are multiple requests sent, the cookie is set once, and when I exit preview mode, a request is still sent for the preview iframe
  • When I tested in a browser that I wasn't logged in, there were no preview requests sent, and as I stated, the cookie wasn't set because I wasn't logged in
  • I commented out the preview component the request where not sent, and the cookie was not set

I contacted our team to share my experience, and they stated that this was the correct behavior.

So this means only users logged in to Prismic can see the cookie, but no worries, your regular website users won't see this.

Thanks,
Racheal.

Hi @racheal.orukele

Please see video https://drive.google.com/file/d/11_GI0baLStLLdqyD9IMr6snfk8P39VmY/view

This is the same site and repo as pasted above, which does not have any logic configured to enter preview mode. But the cookies are being set in both a new instance of Chrome running and a new incognito window.

The video also shows that deleting the cookies and refreshing the page results in them being set again.

The actual cookies have no value but are being set.

Hello @tim5,

I don't have viewing access to the video link you shared above.

Hi @racheal.orukele, I have shared the video with you

@tim5 seen. I'll take a look and get back to you

@tim5 I checked your video. The preview cookies you are seeing are only generated in your browser as a logged-in Primsic user. You can look at our client's site, and you will notice that you will not see any 'preview' cookies there, and your client wouldn't see any preview cookies either.

You can also check our general cookies policy here: