-
Bug
-
Resolution: Fixed
-
Minor
-
None
A new European regulation on the collection of identifying information, General Data Protection Regulation ("GDPR"), combines with existing legislation regarding consent being required before saving of cookies on any given domain.
As stupid as it may seem, screen resolution is regarded as identifying information, and it's stored immediately upon loading a Jenkins server, courtesy https://github.com/jenkinsci/jenkins/blob/master/core/src/main/resources/hudson/model/View/index.jelly#L48
This needs to be optional, pending implementation of a "Cookie Consent" feature, for any Jenkins server accessible in Europe to be legally compliant.
[JENKINS-49675] screenResolution cookie not marked as secure
Assignee | New: James Nord [ teilo ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Used only by this method which appears never to have been called except by diagnostics. I think we could just deprecate it and make it unconditionally return null (also this clone) and be done with it.