Fix cookies not deleting on opt-out

[jpople]

Closes PROD-2822

Associated fidesplus PR- https://github.com/ethyca/fidesplus/pull/1653

Description Of Changes

Fixes a bug where cookies were not being deleted when a user opted out due to js-cookie attempting to exactly match a provided domain even when it was null.

Adds a new field on privacyexperienceconfig table, auto_subdomain_cookie_deletion; when true, opting out will cause cookies from subdomains (prefixed with .s) to be deleted as well as cookies from the top-level domain.

Note that I've manually tested the migration using the following steps:

1. Added some privacy experience configs to mock pre-existing customers' configs
2. Ran migration
3. Confirmed the auto_subdomain_cookie_deletion was false
4. Added net new privacy experience config
5. Confirmed the auto_subdomain_cookie_deletionwastrue` ✅

Code Changes

• Add toggle to experience config in admin-ui that controls whether we automatically delete subdomain cookies
• Updates appropriate models across the fides ecosystem to account for this new field in the BE
• Adds migration to write the auto_subdomain_cookie_deletion to "false" for existing privacy experience configs

Steps to Confirm

Test using local fides-js against a staging Ethyca site which GETs localhost:3001 for fides-js.

Run the associated Fidesplus branch (this is pointed to the aa28ea20aeee81d4f73db25538af5413718b9ef1 fides commit since there are BE changes here)

Toggle the auto_subdomain_cookie_deletion field on your privacy experience to false:

• Opt in to a privacy notice
• Should save cookies
• Opt out
• Should delete only top-level cookies with domain of ethyca.com, not subdomain cookies with domain of .ethyca.com

Toggle auto_subdomain_cookie_deletion on your privacy experience to true and re-run, then:

• Opt in, should save as before
• On opt out, should delete cookies both with top-level and subdomains

Pre-Merge Checklist

• Issue Requirements are Met
• Relevant Follow-Up Issues Created
• Update CHANGELOG.md

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
fides-plus-nightly	⬜️ Ignored (Inspect)	Visit Preview		Oct 16, 2024 3:13pm

[tvandort]

Neat! Thanks!

I'm curious, was the js-cookie library not working for removing these if we passed the same domains?

[cypress]

fides    Run #10468

Run Properties:   Passed #10468  •  3e80c67836 ℹ️: Merge dadabee99f86effa25aa50719c92266784e10a13 into 88a32f00b57b3bc29b7c638fb0d9...

Project	fides
Run status	Passed #10468
Run duration	00m 38s
Commit	3e80c67836 ℹ️: Merge dadabee99f86effa25aa50719c92266784e10a13 into 88a32f00b57b3bc29b7c638fb0d9...
Committer	jpople
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	4
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

[eastandwestwind]

Looking good @jpople ! In addition to my comment below:

Could we add a test that basically asserts we do not support cookie deletion for compass cookies yet, and link to https://ethyca.atlassian.net/browse/PROD-2830 as the follow-up? E.g. when cookie domain is ["google.com", "googleadservices.com"]' cookie removal won't work.

If that's gonna take too much time, I'd say just leave a link to the PROD ticket in the cookie removal logic 👍

[jpople]

@eastandwestwind I added a test case to cover a cookie with a passed-in domain, but the tests on removeCookieFromBrowser are just detecting whether cookies.remove() is called with the right arguments as they were before. I'm not sure if it's possible to test whether that actually results in a cookie being deleted or not.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.57%. Comparing base (88a32f0) to head (dadabee).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5338      +/-   ##
==========================================
+ Coverage   85.56%   85.57%   +0.01%     
==========================================
  Files         379      379              
  Lines       23982    23985       +3     
  Branches     2623     2623              
==========================================
+ Hits        20520    20526       +6     
+ Misses       2910     2907       -3     
  Partials      552      552              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cypress]

fides    Run #10470

Run Properties:   Passed #10470  •  7591e3fb38: Fix cookies not deleting on opt-out (#5338)

Project	fides
Run status	Passed #10470
Run duration	00m 42s
Commit	7591e3fb38: Fix cookies not deleting on opt-out (#5338)
Committer	jpople
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	4
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.