From da129aa038023583ad5887c33f8e580423add15f Mon Sep 17 00:00:00 2001
From: "Restarone Solutions Inc. Software Engineering"
 <engineering@restarone.solutions>
Date: Fri, 3 Apr 2026 15:07:31 -0400
Subject: [PATCH 1/2] sign cookies if country code is in default tracking list

---
 .../concerns/ahoy_controller_patch.rb         | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/app/controllers/concerns/ahoy_controller_patch.rb b/app/controllers/concerns/ahoy_controller_patch.rb
index 242210d63..c3d822bbd 100644
--- a/app/controllers/concerns/ahoy_controller_patch.rb
+++ b/app/controllers/concerns/ahoy_controller_patch.rb
@@ -10,6 +10,27 @@ def set_ahoy_cookies
 	end
 
 	def tracking_enabled?
-		Subdomain.current.tracking_enabled && request.cookies['cookies_accepted'] == 'true'
+		locations = Geocoder.search(request.ip)
+		location = locations.first
+		track_by_default_country_codes = ['CA', 'US']
+		
+		if Subdomain.current.tracking_enabled
+			if request.cookies['cookies_accepted'] == 'true'
+				return true
+			else
+				if track_by_default_country_codes.include?(location.country_code.upcase) 
+					cookies[:cookies_accepted] = {
+						value: params[:cookies].presence,
+						httponly: true,
+						expires: 1.year
+					}
+					return true
+				else
+					return false
+				end
+			end
+		else
+			return false
+		end
 	end
 end

From 9d858da3abee47af01121f9aeb5fc6f71ea6b086 Mon Sep 17 00:00:00 2001
From: "Restarone Solutions Inc. Software Engineering"
 <engineering@restarone.solutions>
Date: Fri, 3 Apr 2026 15:16:22 -0400
Subject: [PATCH 2/2] add safe navigation when country code is nil

---
 app/controllers/concerns/ahoy_controller_patch.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/concerns/ahoy_controller_patch.rb b/app/controllers/concerns/ahoy_controller_patch.rb
index c3d822bbd..15cf0d018 100644
--- a/app/controllers/concerns/ahoy_controller_patch.rb
+++ b/app/controllers/concerns/ahoy_controller_patch.rb
@@ -18,7 +18,7 @@ def tracking_enabled?
 			if request.cookies['cookies_accepted'] == 'true'
 				return true
 			else
-				if track_by_default_country_codes.include?(location.country_code.upcase) 
+				if track_by_default_country_codes.include?(location&.country_code&.upcase) 
 					cookies[:cookies_accepted] = {
 						value: params[:cookies].presence,
 						httponly: true,