ceberlin

Hi, ProcessWire 3.0.175 + PrivacyWire 104. On this occasion I wish to thank you for the really helpful module contribution and all your support!

Silly me. I was using the example from here (https://processwire.com/modules/privacy-wire/) without looking for type errors in there. (The example code could be updated?) I fixed it and cleared the cache. Still not working. A minification issue maybe (semicolons)?

I started having trouble with <script type=text/plain" data-type="text/javascript" data-category="external_media" class="require-consent"> I get a JS error and the element isn't shown (any more?) on consent. Anyone else sees this too? Or did I use this in an unintended way? (Example)

Maybe a bug: I cannot set "Bytes" in the module settings to anything else than 0 - It resets to "0" after saving.

Can be an essential element of a GDPR data protection strategy. Very useful. Thank you!

Hi, today's 2.0 update killed the backend here on some installs... Reverting to 1.2.7 fixed it: PDOException #42S22 SQLSTATE[42S22]: Column not found: 1054 Unknown column 'field_phits.last_hit' in 'field list'

I can confirm that this method of replacing the decimal field worked on my e-commerce-Project where I tried this. No problems.

I think that PW could have a stronger GDPR support out of the box, including comments. There are already some consent plugins available (one of those pretty good), but there is still much efforts needed (like the unnecessary complicated recommendations for fixing comments). For us Europeans, it is so important, to have things right there from the beginning, and GDPR should not be rocket science to fully implement.

Hi Joshua, just an idea. If there were a counter for all closes of all finished user decisions and a separate one only for the "accept all" decisions, it would give me a perfect idea of the accept ratio of the specific site. Either generally (probably enough), or even per month in a table (to monitor changes in behaviour). In the module, or in logfiles or a CSV file with a row limit? Basically, sort of mini-statistics. I have guesswork right now regarding Analytics' / Matomo's result changes and of how many users (in percent) those analytics results represent?

Just a searchable note here in case s.o. else runs into the same problem 🙂 You suddenly cannot log in any more with TFA/2FA (Two Factor Authentification)? After the step two (inserting the 2FA code) the server responds with an ERROR 500? There is no corresponding entry in the server logs? Check this: Open your site files with FTP, go to /site/assets/logs/ and look into the file exceptions.txt If you find an entry there, like so: ... Invalid base32 string (in /site/modules/TfaTotp/TwoFactorAuth/lib/TwoFactorAuth.php line 190) This indicates that the 2FA code got messed up. Two ways to fix this: Via FTP, move TfaTotp out of /modules/ Login and go to User/Profile While the login session is active, via FTP, move TfaTotp back to /modules/ Disable TfaTotp - and then save your profile page Re-enable TfaTotp - and then save your profile page again. …or (tip from @adrianj): Create a new superuser via the API and login via that and then disable and re-enable 2FA for the affected user via Access > Users. --- More in depth info from @ryan at Github: 2FA login error 500.

Joshua, first, thank you for all your work. It looks like that we need a good solution for compliance also in Germany now (after the BGH ruling) and I am glad, that your plugin is close to what we need already. After comparing existing tools and reading more about the requirements I thought of the following strategy to add to the compliance: (My source of information: https://www.activemind.de/magazin/cookie-consent-banner/) 1. we probably need another category. "Functional" for settings that are not "essential", like settings, example use: remember that a certain popup was closed. Comes after "essential" (or better the order of the selected categories from the backend is remembered) 2. Details collection. This info should to be collected: name of cookie, issuer, purpose, functions, privacy links. Example: name: '_ga, _gid', issuer: 'Google Universal Analytics', purpose: 'Collect statistical data for service improvement.', functions: 'Number of pageviews, link clicked etc. ', privacyLink: 'https://policies.google.com/privacy?hl=en' Some vendors like cookiebot overload their popup with information. I think this confuses more than it helps. Setting content should not be rocket science to average users. Instead, I thought of having the details on a special (manually filled?) compliance page, sorted into category blocks. That means that means another optional link (next to imprint and privacy) in the settings could be useful. If this strategy makes sense, then it would be fancy if your textformatter could handle the consent from there: [[privacywire-category-settings category="statistics" ]] and display a toggle for on/off for that category. (But this has no priority) 3. Styles / Popup responsive? Right now the popup is not working correctly on mobile phones. It is not scrollable, and with lots of description and selections it easily has more content than fitting on a small screen. We need another wrapper div tag for the element and another wrapper div tag with a class for the links - and add classes to all elements like the lists - so this is easier to style. Also the body text is maybe not needed right away so there should be an option in the backend to display that only on the page which opens, when "select" is choosen? Maybe add a field in the backend to drop all the CSS so it is easy to maintain at one place? 4. External media. Can you explain what happens in that case? How can your code handle iframes, e.g. YouTube, Vimeo and maps? What happens if one of the existing video plugins are used? 5. Cookie lifetime of this plugin max 7 days? In Safari and Firefox JavaScript cookies have a short lifetime, even if the cookie is set with a very long expiration date. A user has to opt-in again every 7 days. Is this correct? and is an alternative? Source: https://alightanalytics.com/alight-insights/safari-first-party-cookies/ --- Before a line of code is written, I would ask everyone for feedback and ideas for this concept... --- By the way: here is a nice layout example with a consent banner with kind of your feature set - they also follow the route to move all complicated cookie details to a separate cookie consent page: https://www.osano.com/cookieconsent/download/

Hi Joshua, yes, in Germany, this is not mandatory at the moment - in other EU countries the situation might be different. All German lawyers online with lots of drama about the subject offer - surprise surprise - their own commercial solutions. I have not read any neutral position/comment on the subject yet. As I understand it, the tenor from the BGH is that the user should be able to know exactly what he or she agrees to. According to this, the webdesigner would have to name names. The BGH ruling is still too recent (end of May 2020) and has not yet been implemented in German law. I just want to be prepared. I am irritated to I see the free KLARO goes the same route, listing all the little details. I am not prepared yet to fork and PR. I am thinking about possible concepts right now. Maybe just adding an optional data-attribute with some line of text or a link which is is dispayed with a "read more" in the module's output, so the module does not need to handle every little detail? I am curious about other opinions from EU developers here. (I am also checking out the KARO module for WordPress right now to see how they are managing the information there.) Cheers, Carl

Isn't it required in the new word of EU web bureaucracy to list every single cookie on demand (by category) and explain what is does, where it's from and can set it individually? So, for example, in the same example category "my user settings" I can agree to remember a "my selected language" cookie but not another cookie with "my last page visited"? As Borlabs cookie does it, or Klaro (kind of)? Am I wrong with my understanding of the current GDPR law situation? Or is this implemented already and I just did not find it? (Right now I am evaluation this module against using KLARO directy)

great - I was just preparing a report here just now. Here's a demo video: bug-aos-cke-sourceeditor.mp4

My short feedback: I have gradually changed everything from CAI3 to CAI4 2.0.0-RC02 (8 websites). Everything is going well so far. Strangely enough I sometimes had to click 2x save in the field settings when switching fields to V4 to avoid error messages there. And of course the server works hard when recalculating the images. Otherwise, I didn't notice anything else. The update instructions and the procedure were exemplary.

I have a new problem in combination with WEBP. After cropping the WEBP variants are not deleted so they don't know they need to update In Variants I cannot select WEBP (no checkboxes) for manual deleting. I need to do this in FTP.

NOTE - the great feature of this module has become an option in ProcessWire Core (newer than 3.0.150), also supporting 2FA there. Read more

With this module installed: Parent pages with thousands of children do not open for editing in backend. They timeout with Error 500. I post this here, in case someone else has the problem. Thank @adrian for the hint.

Great so see the comments field get an update. Would it be possible to add some modern needs (options? hooks?) for the comments form to be able to include a mandatory GDPR checkbox with some legal text decide which fields from the form are mandatory and which not saving or not saving the IP address with a setting how long to keep those make it easier go apply UIKIT3 to the layout There are existing workarounds in this forum (by modifying a field clone in /site/) but that is a bit hacky i.m.h.o. for those common needs. Also the documentation linked to from the field admin feels a bit dated for all the extra stuff available...

Maybe it could be great to add freestyle variable fields-list to add to the backend interface, in case you do not want to offer any new option hardcoded in the module?

Now there is a new VIMEO privacy "do-not-track"-option, which should be always on in in the EU: ...?dnt=1 With this, VIMEO does not set a Cookie any more. Source (German): https://www.datenschutz-guru.de/wie-kann-ich-ein-vimeo-video-datenschutzfreundlicher-einbetten/

I do, too. But I thought having the links placed UNDER the Confirm buttons makes more sense? And using a PW selector for the pages takes besser care that the links do not break on changes. (Text links are easily overlooked ?)

For those having access to the premium area of erecht24, here is an intersting information update after the last EUGH decisons: https://www.e-recht24.de/mitglieder/updates/eugh-urteile-cookies-einwilligung-google-analytics/ The world gets more complicated every day and I think the cookie managers too. Small comments: Clicking "accept" was an agreement - so when opening the popup again later, the agreed checkbox could be pre-sected? Or better not? I tried revoking rights, but the Google "GA" cookie is still present. Is deactivating the script enough, musn't there also the Google Tag Manager cookie removed?A lso I can save "no" decision (no checkbox selected). I wonder what that means for the decision taken... I compared this with a WordPress cookie manager and found 2 nice ideas: There a simple counter of how many people opt out. There are 2 links in the pop up under the "Accept" buttons in the right corner: Impressum and Privacy. So in case those madatory links get covered by the popup, those page are still easily accessible.

If allowing "debug" there is also a warning now, that does not go away: Declaration of ProcessWire\FieldtypeCroppableImage3::getModuleConfigInputfields(array $data) should be compatible with ProcessWire\FieldtypeFile::getModuleConfigInputfields(ProcessWire\InputfieldWrapper $inputfields) in //site/modules/CroppableImage3/FieldtypeCroppableImage3/FieldtypeCroppableImage3.module on line 4

In my case, this was an true Error 500 Exception (not a simple warning with some sort of "self healing", as described by Ryan) @matjazp your hint about modifying the module helped. The websites are back and live. For anyone wondering which file is to change, it is this one: /site/modules/CroppableImage3/FieldtypeCroppableImage3/FieldtypeCroppableImage3.module Update 16 October: I saw Ryan tried to address the problem from his end today by updating the core: https://github.com/processwire/processwire-issues/issues/995