Does the error message for the has_js check in Lines 30-32 of flag.pages.inc (below) have any real function for flagging?

elseif ($user->uid == 0 && !$has_js) { 
$flag->errors['javascript'] = t('You must have JavaScript and cookies enabled in your browser to flag content.'); 
}

I have a site with flags on content directly, in views, and also within marker popups on an OpenLayers map to allow users to save locations to as favorites. Anonymous users can flag and all works well if they flag directly on the content types or views. If logged in users flag from the map marker popups, it also works well. But if an anonymous user tries to flag from the marker popups, they get this error message and cannot flag from the popups, even though they are using the same browser/settings as when they flagged from the content or a view:

You must have JavaScript and cookies enabled in your browser to flag content.

I commented out the three lines of code and anonymous users can now flag from the marker popups and I haven't noticed any problems with the site, but don't want to push it to my live site if there could be problems elsewhere without that code. Is this approach okay or is there a better fix for anonymous flagging in this situation?

Comments

joachim’s picture

joachim CreditAttribution: joachim commented
Status: Active » Postponed (maintainer needs more info)

AFAIK to flag anonymously you need Javascript.

Are you saying that this is not the case, or that your anon users do in fact have JS enabled, and that the $has_js check is incorrect?

DSquaredB’s picture

DSquaredB CreditAttribution: DSquaredB commented

The $has_js check is incorrect when the flag is in the map marker popups.

To check it, I added a table display of a view with the same flag to the same page as the map. An anonymous user can flag with no errors from the table display of the view, but gets the error when they try to flag from the map marker popups. The only difference is that the flag is being passed to the marker popups through the OpenLayers map configuration like this: 

<div class="openlayers-fp openlayers-tooltip-description">
<div class="swva-popup">
<div class="swva-popup-photo">${.field_image_rendered}</div>
<div class="swva-popup-text"><h4>${.title_rendered}</h4>${.field_physical_address_rendered}
<div class="favorite">${.ops_rendered}</div>
</div>
</div
</div>

When you turn off JavaScript, the maps won't load so I can't check the flagging in the markers. But elsewhere (tables, directly in the content), anonymous users still get the error message about needing JavaScript. Logged in users with JavaScript disabled can still flag from everywhere, including the map markers. Doesn't the Flag module have a non-JavaScript fallback if JavaScript is disabled?

DSquaredB’s picture

DSquaredB CreditAttribution: DSquaredB commented

One more thing...

With the $has_js check commented out in the module, anonymous users with Javascript disabled can still flag everywhere just like the logged in users can.

That's what made me wonder if the $has_js check was necessary.

DSquaredB’s picture

DSquaredB CreditAttribution: DSquaredB commented
Status: Postponed (maintainer needs more info) » Active

I changed the status back to active since I provided more input and wasn't sure you had seen it since it was postponed. I apologize in advance if you would prefer to keep it postponed.

joachim’s picture

joachim CreditAttribution: joachim commented

The JS and anonymous flagging are two parts of the code I don't know particularly well. But the code has several clues as to why there's the requirement for JS for anon flagging:

/**
 * A behavior specifically for anonymous users. Update links to the proper state.
 */

...

  // For anonymous users with the page cache enabled, swap out links with their
  // current state for the user.
  if (Drupal.settings.flag && Drupal.settings.flag.templates) {
    Drupal.flagAnonymousLinkTemplates(context);
  }

  // For all anonymous users, require JavaScript for flagging to prevent spiders
  // from flagging things inadvertently.
  if (Drupal.settings.flag && Drupal.settings.flag.anonymous) {
    Drupal.flagAnonymousLinks(context);
  }

There's also -- I think -- that when anon users flag, a cookie has to be set.

dmsmidt’s picture

dmsmidt
he/him
Primary language Dutch
Location Amsterdam 🇳🇱🇪🇺
CreditAttribution: dmsmidt commented

In my setup I receive the error after clicking a second time on a flag link (while viewing a node).

The first time the following code gets executed $has_js = 1, the second time it returns NULL.

// Specifically $_GET to avoid getting the $_COOKIE variable by the same key.
  $has_js = isset($_GET['has_js']);
Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented

I'm getting the same behavior as DSquaredB. I'm using 7.x-3.5+9-dev. It works fine in the node view but $has_js gives a false negative in popups. If this code in flag.pages.inc is commented out it works fine even in popups:

$flag->errors['javascript'] = t('You must have JavaScript and cookies enabled in your browser to flag content.');

I will investigate and report back.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Version: 7.x-3.4 » 7.x-3.x-dev
Category: Support request » Bug report

Changing version and category.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Category: Bug report » Support request

The issue seems to be that the popup is not AJAX-loaded and is therefore not processed by Drupal.behaviors.flaglink.attach(). Therefore the flag link is not processed to add "has_js=1" to the GET request. Rather than a bug in Flag this seems like either a bug in the popup module (Leaflet) or a use case for some glue code.

ofry’s picture

ofry CreditAttribution: ofry commented

This is related to issue https://www.drupal.org/node/2334061
Please follow ^^

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Active » Closed (duplicate)

Duplicate of #1449450: Ajax flagging doesn't work when the flag link itself has been loaded via ajax.

OWast’s picture

OWast
Location Ljusvattnet, Burträsk, Sweden
CreditAttribution: OWast at Happiness commented
Category: Support request » Feature request
Status: Closed (duplicate) » Active

I'm opening this again, it is not a duplicate of #1449450. (#6 to #10 may be talking about that, but it's not the original question.)

To recap: The module works fine for anonymous users without javascript - but the functionality is intentionally blocked to prevent spiders from flagging. Fair enough. But:

- It's not really that nice is it? Showing a link and then an error-message when it has been clicked. Better to remove the link in this case, and add it using javascript.
- Site builders might be implementing other tools to prevent the links from being spider-clicked, or might not be concerned, so there should at least be an option to turn this feature off.

For my client accessibility is key, as people with disabilities are one of their target audiences. Their site uses flag to receive feedback about the site, and they are very much interested in what lynx users and other edgy non-js users think of their site.

If we can agree on a solution for this, I can create the patch.