Fixed missing CSS for the disabled “Theme sync” field in the admin dashboard: when Scoped Banner Styling (custom CSS / a built-in preset) is active, JavaScript already added a disabled-state class and an “Overridden by Scoped Banner Styling” message to the Theme Sync field — matching the existing accent-colour picker behaviour — but the stylesheet only styled this disabled state for the accent field, not the Theme Sync field. The font pills remained fully clickable and visually normal with no indication that theme font sync was inactive. The disabled-state styling (reduced opacity, disabled interaction, override message) now applies to both fields
No functional change to theme sync itself — fonts synced from the active theme still only apply to the live banner when no custom CSS/preset is active (custom CSS retains full control of typography by design). This fix makes that existing, correct behaviour visible and understandable in the admin UI
1.9.10
Fixed COOKR CRAZE built-in preset: the minimised (reopen) button was unstyled and the preferences-panel toggle switches showed the site’s global accent colour (could be any colour, including red) instead of the preset’s green — the preset never set –cookr-accent, so cookr.css‘s defaults for #cookr-reopen and .cookr-switch input:checked + .cookr-slider (both driven by var(–cookr-accent)) fell through to the global accent colour setting
Added #cookr-banner, #cookr-reopen { –cookr-accent: #00ff88; } and #cookr-reopen svg rect { fill: #000000; stroke: #00ff88; } to the preset — toggle switches and the reopen pill/dot now render in the preset’s black/green theme regardless of the global accent colour setting
Fixed admin preview panel loading spinner: @keyframes cookr-spin only animates transform: rotate(), but the spinner’s centering also used transform: translate(-50%, -50%) — animating transform between an implicit translate(…) start and a rotate(360deg) end produced a visible jump/skip instead of a clean spin. Centering now uses top/left + negative margin, leaving transform free for rotation only
Made the admin preview banner fully static — removed the cosmetic preferences-panel click handler, and the preview banner / reopen button no longer respond to hover or click (pointer-events: none). The preview is a visual reference only, not an interactive demo
Fixed a critical non-idempotency bug in the custom CSS sanitiser (cookr_scope_css): every settings save re-sanitises the currently saved value (the textarea is repopulated with the previously-scoped output), but the selector-mirroring logic was not idempotent — an already-mirrored selector like #cookr-banner .cookr-inner would itself pass the #cookr-/.cookr- prefix check and get re-added on each save, and the .cookr-title svg icon-colour helper would re-fire for both a selector and its mirror, with both copies persisting forward. On real-world installs this had compounded over repeated saves into 150+ duplicate copies of some rules and a single selector list repeated 18 times, ballooning the saved CSS to 220KB. Selectors within each rule and the full set of emitted rules are now deduplicated (exact-string, order-preserving), making the sanitiser idempotent — re-saving now reproduces the same output instead of growing it. Existing bloated saved CSS will collapse back to its correct minimal form on the next save
Fixed critical bug in custom CSS sanitiser (cookr_scope_css): a CSS comment placed directly above a rule (e.g. /* Buttons */ followed by .cookr-btn { … }) caused the comment text to be parsed as part of the selector, failing the #cookr-/.cookr-/:root prefix check and silently dropping the entire rule with no error shown to the admin
CSS comments are now stripped before selector parsing — fixes silent loss of :root accent overrides and any commented/sectioned custom CSS
Added font detection for classic themes that load fonts via enqueued stylesheets (e.g. Kadence default installs) — previously only customizer-saved typography and block-theme theme.json fonts were detected
New detection path parses Google Fonts and Bunny Fonts family names from registered stylesheets on the frontend, cached in a 6-hour transient, invalidated on theme switch
1.9.9
Fixed banner close behaviour — added state-aware close button always visible in banner
Fixed Escape key — now follows same state-aware dismiss logic as close button
No consent overwrite when closing with stored consent and no unsaved changes
Prompts before discarding unsaved preference changes (native confirm dialog)
1.9.8
Fixed LiteSpeed Cache JS Combine compatibility — cookrConfig inline block now isolated to a dedicated script handle, preventing third-party inline errors from aborting COOKR initialisation
Added automatic JS exclusion filters for LiteSpeed Cache, WP Rocket, Autoptimize, and FlyingPress — COOKR registers itself as excluded from JS combination pipelines automatically
Updated compatibility matrix schema — added protocol, protocol_version, test_payload, verification_method, special_checks fields across all entries
Recorded first VERIFIED enforcement baseline: WordPress Core, Protocol v1.0, all six test cases passed
Recorded LiteSpeed Cache JS Combine finding: FAIL without exclusion, PASS with automatic exclusion
1.9.7
Fixed PHP notice in auto-blocker iframe rewrite handling
Fixed blocked-status reporting for detected domains
Fixed consent log rate-limit bypass edge case
Fixed missing policy_version storage in consent records
Fixed remote signature update setting persistence
Fixed language switcher save-state detection
Added full-consent buffer shortcut optimization
1.9.6
Compliance improvements for WP.org review
Removed generic CDN entries from auto-blocker allowlist
Export uses explicit allowlist for safe settings only
Build tooling improvements
1.9.5
WordPress.org review and compliance-related improvements
Internal maintenance and review-related updates
1.9.2
Initial public CORE release
3×3 visual position picker replaces dropdown
Accent colour now applies to banner icon and buttons in preview
