Use tldts to get the domain

Author: mrubens

apps/web-roo-code/package.json

@@ -34,6 +34,7 @@
 		"recharts": "^2.15.3",
 		"tailwind-merge": "^3.3.0",
 		"tailwindcss-animate": "^1.0.7",
+		"tldts": "^6.1.86",
 		"zod": "^3.25.61"
 	},
 	"devDependencies": {

apps/web-roo-code/src/components/CookieConsent.tsx

@@ -3,7 +3,7 @@
 import React, { useState, useEffect } from "react"
 import ReactCookieConsent from "react-cookie-consent"
 import { Cookie } from "lucide-react"
-import { CONSENT_COOKIE_NAME, CONSENT_COOKIE_DOMAIN } from "@/lib/constants"
+import { CONSENT_COOKIE_NAME, getConsentCookieDomain } from "@/lib/constants"
 
 export interface CookieConsentProps {
 	/**
@@ -47,14 +47,21 @@ export function CookieConsent({
 	cookieName = CONSENT_COOKIE_NAME,
 	debug = false,
 }: CookieConsentProps) {
-	const [hostname, setHostname] = useState<string>(CONSENT_COOKIE_DOMAIN)
+	const [cookieDomain, setCookieDomain] = useState<string | null>(null)
 
 	useEffect(() => {
-		setHostname(window.location.hostname)
+		// Get the appropriate domain using tldts
+		const domain = getConsentCookieDomain()
+		setCookieDomain(domain)
 	}, [])
 
+	// Don't render until we have a valid domain
+	if (!cookieDomain) {
+		return null
+	}
+
 	const extraCookieOptions = {
-		domain: process.env.NODE_ENV === "production" ? hostname : CONSENT_COOKIE_DOMAIN,
+		domain: cookieDomain,
 	}
 
 	const containerClasses = `

apps/web-roo-code/src/lib/constants.ts

@@ -31,6 +31,26 @@ export const INTERNAL_LINKS = {
 	PRIVACY_POLICY_WEBSITE: "/privacy",
 }
 
+import { getDomain } from "tldts"
+
 // Cookie consent settings
 export const CONSENT_COOKIE_NAME = "roo-code-cookie-consent"
-export const CONSENT_COOKIE_DOMAIN = process.env.CONSENT_COOKIE_DOMAIN || "roocode.com"
+
+/**
+ * Get the appropriate domain for cookie consent
+ * Uses tldts to extract the domain from the current hostname
+ * Falls back to environment variable or roocode.com
+ * Never returns null/undefined - always returns a valid domain string
+ */
+export function getConsentCookieDomain(): string {
+	if (typeof window === "undefined") {
+		// Server-side fallback
+		return process.env.CONSENT_COOKIE_DOMAIN || "roocode.com"
+	}
+
+	// Extract the domain using tldts - this can return null for invalid hostnames
+	const domain = getDomain(window.location.hostname)
+
+	// Always return a valid string, never null/undefined
+	return domain || process.env.CONSENT_COOKIE_DOMAIN || "roocode.com"
+}