Disable io.prismic.preview cookie for visitors

tim5 · January 31, 2023, 4:29pm

I've noticed that including the PrismicPreview component wrapper in NextJs causes the io.prismic.preview cookie to be written for every visitor rather than just the ones that would be previewing data.

The cookie is empty but I'm getting around 20 of them set as around 7 get set for each domain as it goes up the sub domain tree for the sites domain and the prismic repos domain.

A request to .prismic.io/prismic-toolbar/4.0.9/iframe.html also appears to be being triggered despite not being in preview mode.

Is there any way to turn this off as it also bypasses cookie consent plugins?

racheal.orukele · February 3, 2023, 3:29pm

Hello @tim5,

After testing, I couldn't reproduce this issue with any of the browsers. Can you share more details like your browser settings, steps to reproduce the issue, and codebase as a zip file or a git repository so I can debug and provide assistance?

Thanks,
Racheal.

tim5 · February 6, 2023, 9:25am

I've created an example following the setup instructions for NextJs. This is just a NextJs site configured with Prismic as per Set up Prismic with Next.js - Documentation - Prismic and then deployed to Netlify.

In Edge (regular and in private window) I can see 25 cookies being set all of which are for io.prismic.preview.

Example code base: GitHub - LabDigital/PrismicPreviewCookie
Example site: https://merry-belekoy-94d4f7.netlify.app/

tim5 · February 13, 2023, 10:29am

Any update on this @racheal.orukele

racheal.orukele · February 13, 2023, 2:25pm

Hello @tim5,

My apologies for my late response.

Preview data only appears for logged-in users on the browser; the preview script checks if users are logged in; if not, nothing is done, and nothing is stored in the user's browser.

This is what I experienced testing out the preview feature:

When in preview mode, there are multiple requests sent, the cookie is set once, and when I exit preview mode, a request is still sent for the preview iframe
When I tested in a browser that I wasn't logged in, there were no preview requests sent, and as I stated, the cookie wasn't set because I wasn't logged in
I commented out the preview component the request where not sent, and the cookie was not set

I contacted our team to share my experience, and they stated that this was the correct behavior.

So this means only users logged in to Prismic can see the cookie, but no worries, your regular website users won't see this.

Thanks,
Racheal.

tim5 · February 14, 2023, 3:59pm

Hi @racheal.orukele

Please see video https://drive.google.com/file/d/11_GI0baLStLLdqyD9IMr6snfk8P39VmY/view

This is the same site and repo as pasted above, which does not have any logic configured to enter preview mode. But the cookies are being set in both a new instance of Chrome running and a new incognito window.

The video also shows that deleting the cookies and refreshing the page results in them being set again.

The actual cookies have no value but are being set.

racheal.orukele · February 15, 2023, 11:24am

Hello @tim5,

I don't have viewing access to the video link you shared above.

tim5 · February 15, 2023, 2:26pm

Hi @racheal.orukele, I have shared the video with you

racheal.orukele · February 16, 2023, 1:05pm

@tim5 seen. I'll take a look and get back to you

racheal.orukele · February 16, 2023, 3:31pm

@tim5 I checked your video. The preview cookies you are seeing are only generated in your browser as a logged-in Primsic user. You can look at our client's site, and you will notice that you will not see any 'preview' cookies there, and your client wouldn't see any preview cookies either.

You can also check our general cookies policy here: