Jump to content

PrivacyWire - Cookie Management & async external asset loading


joshua

Recommended Posts

---
Module Directory: https://modules.processwire.com/modules/privacy-wire/
Github: https://github.com/blaueQuelle/privacywire/
Packagist:https://packagist.org/packages/blauequelle/privacywire
Module Class Name: PrivacyWire
Changelog: https://github.com/blaueQuelle/privacywire/blob/master/Changelog.md

---

This module is (yet another) way for implementing a cookie management solution.

Of course there are several other possibilities:
- https://processwire.com/talk/topic/22920-klaro-cookie-consent-manager/
- https://github.com/webmanufaktur/CookieManagementBanner
- https://github.com/johannesdachsel/cookiemonster
- https://www.oiljs.org/
- ... and so on ...

In this module you can configure which kind of cookie categories you want to manage:
privacywire-module-config.thumb.jpg.5d002e91ceb1df770d6804b47c345fee.jpg
You can also enable the support for respecting the Do-Not-Track (DNT) header to don't annoy users, who already decided for all their browsing experience.

Currently there are four possible cookie groups:
- Necessary (always enabled)
- Functional
- Statistics
- Marketing
- External Media
All groups can be renamed, so feel free to use other cookie group names. I just haven't found a way to implement a "repeater like" field as configurable module field ...

When you want to load specific scripts ( like Google Analytics, Google Maps, ...) only after the user's content to this specific category of cookies, just use the following script syntax:

<script type="text/plain" data-type="text/javascript" data-category="statistics" data-src="/path/to/your/statistic/script.js"></script>
<script type="text/plain" data-type="text/javascript" data-category="marketing" data-src="/path/to/your/mareketing/script.js"></script>
<script type="text/plain" data-type="text/javascript" data-category="external_media" data-src="/path/to/your/external-media/script.js"></script>

<script type="text/plain" data-type="text/javascript" data-category="marketing">console.log("Inline scripts are also working!");</script>

The data-attributes (data-type and data-category) are required to get recognized by PrivacyWire. the data-attributes are giving hints, how the script shall be loaded, if the data-category is within the cookie consents of the user. These scripts are loaded asynchronously after the user made the decision.

If you want to give the users the possibility to change their consent, you can use the following Textformatter:

[[privacywire-choose-cookies]]

It's planned to add also other Textformatters to opt-out of specific cookie groups or delete the whole consent cookie.
You can also add a custom link to output the banner again with a link / button with following class:

<a href="#" class="privacywire-show-options">Show Cookie Options</a>

<button class="privacywire-show-options">Show Cookie Options</button>

 

I would love to hear your feedback 🙂

CHANGELOG

You can find the always up-to-date changelog file here.

  • Like 21
  • Thanks 3
Link to comment
Share on other sites

@joshua Nice! Thanks for sharing.

Can this module be used for multi-lingual sites? i.e. If I wanted to translate the banner texts and labels, is that possible out of the box? Or would I have to manually re-define the module's text fields as text/textarea language?

  • Like 1
Link to comment
Share on other sites

You can simply write your own CSS. In the module included are only some basic styles (less than 500 byte) which are directly included via JS. I tried to keep the module as slim as possible, the javascript has only 3.05 kb (gzipped) with all the functionality.
You can see an example of styling at our website or this website.

I usually only style the div.privacywire and the buttons to match the website styles.

Link to comment
Share on other sites

On 2/16/2020 at 4:07 PM, dragan said:

Can this module be used for multi-lingual sites? i.e. If I wanted to translate the banner texts and labels, is that possible out of the box? Or would I have to manually re-define the module's text fields as text/textarea language?

I today integrated the multi-language support for all the config fields.

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

Update - Version 0.0.6

  • Minor CSS-Debugging (hiding the choose button when no cookie group is selected)
  • Added ProCache support for the script tag, when ProCache is installed
  • Like 2
Link to comment
Share on other sites

Hi @joshua,

thank you for this great module! Would you consider a suggestion to enable an "option out" approach on the check-boxes. I know this is controversial, but some clients insist on having this. 

Another question, do you know if there's a way to have a granular control on the scripts loaded by Google Tag Manager?

Link to comment
Share on other sites

Hi Sergio,

thank you! 🙂 Glad you like the module. I actually never thought about the "opt out" approach as our customers or their "Data protection officer" requested the opt-in version.
Do you mean this approach for "pre-selecting" the checkboxes within the choose-window? That would be not to hard to implement, I could add an option for this to the module config.
More difficult would it be to automatically load all scripts on page load and only stop specific categories, when the user choose to opt-out.

About the Google Tag Manager: I have no experience in this kind of granular control within the GTM. Maybe this article could help?

 

 

  • Like 1
Link to comment
Share on other sites

16 hours ago, Sergio said:

Another question, do you know if there's a way to have a granular control on the scripts loaded by Google Tag Manager?

With klaro consent manager you can gain control over the scripts loaded by GTM. See this issue. (I'm not affiliated with that project in any way, just using it on a couple of sites)

It is implemented via custom callback functions for each app that is managed by the consent manager. @joshua Maybe you could go a similar route to make configuration more flexible and tweakable? And thanks for putting this together!

And a suggestion for improvement: The type="optin" attribute is not a valid script attribute. So W3C Validator will not like it. You could use text/plain instead. That is not very semantic but could help to pass validator tests...

  • Like 3
Link to comment
Share on other sites

6 hours ago, joshua said:

More difficult would it be to automatically load all scripts on page load and only stop specific categories, when the user choose to opt-out.

Yep, that's the challenge indeed. I need to take a look at how Klaro does that, as mentioned by @gebeer. 

Link to comment
Share on other sites

  • 3 weeks later...

Hello everyone,

i managed to implement your module and integrade GTM with it like in the examples you've posted from your websites. Thank you for that!

Two things i would like to ask:

  1. It seems like that the Imprint and Privacy Policy URLs are ignoring the different languages. It doesn't matter if i use the full https-url or just /de/impressum/ | /en/imprint/ etc., it will always link me to the default language. Am i doing something wrong or is this a minor bug?
  2. Could you give an example how to handle external media like embedded YouTube-Videos or GoogleMaps? Unfortunately my skills and knowledge are not good enough to manage it on my own.

Thanks in advance and stay safe.

 

  • Like 1
Link to comment
Share on other sites

Thanks for your feedback!

I'll look into bug about the privacy URL in different languages later today.
For embedding videos I'll also write an example and update the main post later with this.

  • Like 2
Link to comment
Share on other sites

Thank you for this module. It works great.

I ran my webpage through W3C validation and it gave me these errors. Any suggestions on how to fix it? (Procache strips the quotes, but it's in the code). Thank you.

  1. Error: Bad value optin for attribute type on element script: Subtype missing.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=Ufkjdkfj"></scri

  2. Error: Element script must not have attribute async unless attribute src is also specified or unless attribute type is specified with value module.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=dfdfdfdf"></scri

  • Like 1
Link to comment
Share on other sites

On 3/25/2020 at 4:20 PM, PK Mi43 said:

Hello everyone,

i managed to implement your module and integrade GTM with it like in the examples you've posted from your websites. Thank you for that!

Two things i would like to ask:

  1. It seems like that the Imprint and Privacy Policy URLs are ignoring the different languages. It doesn't matter if i use the full https-url or just /de/impressum/ | /en/imprint/ etc., it will always link me to the default language. Am i doing something wrong or is this a minor bug?
  2. Could you give an example how to handle external media like embedded YouTube-Videos or GoogleMaps? Unfortunately my skills and knowledge are not good enough to manage it on my own.

Thanks in advance and stay safe.

 

Thanks again for your feedback. I tested the privacy & imprint URLs and there really was a small bug about the multi language URLs.
When you update the module the multi language URLs should work now.

Example of external media:

<!-- This is the output container -->
<div id="player"></div>


<script type="optin" data-type="text/javascript" data-category="external_media">
        // 2. This code loads the IFrame Player API code asynchronously.
      var tag = document.createElement('script');

      tag.src = "https://www.youtube.com/iframe_api";
      var firstScriptTag = document.getElementsByTagName('script')[0];
      firstScriptTag.parentNode.insertBefore(tag, firstScriptTag);

      // 3. This function creates an <iframe> (and YouTube player)
      //    after the API code downloads.
      var player;
      function onYouTubeIframeAPIReady() {
        player = new YT.Player('player', {
          height: '360',
          width: '640',
          videoId: 'M7lc1UVf-VE',
          events: {
            'onReady': onPlayerReady,
            'onStateChange': onPlayerStateChange
          }
        });
      }

      // 4. The API will call this function when the video player is ready.
      function onPlayerReady(event) {
        event.target.playVideo();
      }

      // 5. The API calls this function when the player's state changes.
      //    The function indicates that when playing a video (state=1),
      //    the player should play for six seconds and then stop.
      var done = false;
      function onPlayerStateChange(event) {
        if (event.data == YT.PlayerState.PLAYING && !done) {
          setTimeout(stopVideo, 6000);
          done = true;
        }
      }
      function stopVideo() {
        player.stopVideo();
      }

    </script>

See this for more info about the YouTube API. The code above is from their example.

  • Like 2
  • Thanks 1
Link to comment
Share on other sites

On 3/27/2020 at 1:40 PM, montero4 said:

Thank you for this module. It works great.

I ran my webpage through W3C validation and it gave me these errors. Any suggestions on how to fix it? (Procache strips the quotes, but it's in the code). Thank you.

  1. Error: Bad value optin for attribute type on element script: Subtype missing.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=Ufkjdkfj"></scri

  2. Error: Element script must not have attribute async unless attribute src is also specified or unless attribute type is specified with value module.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=dfdfdfdf"></scri

That's right, currently the W3C does not validate.  @gebeer also mentioned this with the possible solution to use "text/plain" instead of "optin".
I'm planning to implement this solution, but as an optional addition to keep backwards compatibility for the users who already use the "optin" variant.

  • Like 4
  • Thanks 1
Link to comment
Share on other sites

Thank you for this module. I like it.

Is there a posibility to notice them who saves the cookie. To make a documentation of it. So far I know, the privacy policy says, you have to do that.

Its very strange and nonsensical in my opinion. Perhaps it ist possible to make a entry in logs. This would be very great.

Perhaps others know, what is realy necessary.   

Link to comment
Share on other sites

Hi @joshua,

I really like your module, especially the way how scripts are loaded asynchronous. Thank you for sharing!

It would be nice if you would use data-type="optin" instead of type="optin" in order to have valid HTML5.
 

Many greets!

Link to comment
Share on other sites

By the way: This is really helpful.

On 2/16/2020 at 1:07 PM, joshua said:

<img type="optin" data-category="marketing" data-src="https://via.placeholder.com/300x300">

@joshua Is there an opposite option to only show an element if a specific data-category isn't allowed? I want to display the link for managing cookies only to users if cookies of a certain kind are not allowed.

Link to comment
Share on other sites

Hello everyone,

first of all thank you @joshua for your example with external media. Greatly appreciated.

Right now i was tasked to integrate a Facebook Pixel onto a website. I assume i just do the same i did with Google Analytics and add the type/data-type/data-category "statistics" to the <script> tag. Easy!?

What about the following part:

<noscript>
  <img height="1" width="1" src="https://www.facebook.com/tr?id=yourfacebookid&ev=PageView&noscript=1"/>
</noscript>

Can/do i use the same procedure just with <noscript> instead of <script>, e. g.

<noscript type="optin" data-type="text/javascript" data-category="statistics">

or do i use the new (v0.0.5) implemented

<img type="optin" data-category="statistics" data-src="https://www.facebook.com/tr?id=yourfacebookid&ev=PageView&noscript=1" width="1" height="1">

without the <noscript></noscript> part?

 

Thanks in advance for your help, again. Have a great weekend and stay safe.

Link to comment
Share on other sites

  • 4 weeks later...

I've updated the module today to add the W3C validation.
Starting now the type can be "text/plain" instead of "optin", the js will detect the elements via the data-category attribute. I will update the documentation.

On 4/9/2020 at 5:45 PM, DV-JF said:

Is there an opposite option to only show an element if a specific data-category isn't allowed?

That's a good point. Right now there isn't a detection for this but I'll think about a way to implement this.

 

On 4/4/2020 at 7:10 AM, hintraeger said:

Is there a posibility to notice them who saves the cookie. To make a documentation of it. So far I know, the privacy policy says, you have to do that.

When you add a button to change cookie preferences in your privacy policy, the selected options are pre-selected, so one could say it's "documented". I'm not sure if this is sufficient for your case?
 

On 4/17/2020 at 2:53 PM, PK Mi43 said:

Can/do i use the same procedure just with <noscript> instead of <script>, e. g.

That will not work, as the loading works via javascript. When javascript is disabled (and the <noscript> tag comes into play), PrivacyWire isn't loaded as well so it cannot load the <noscript> tag.

  • Like 1
Link to comment
Share on other sites

On 5/10/2020 at 1:41 PM, joshua said:

That will not work, as the loading works via javascript. When javascript is disabled (and the <noscript> tag comes into play), PrivacyWire isn't loaded as well so it cannot load the <noscript> tag.

Thank you for your explanation, that makes sense. So would i leave it just as it is, or get rid of it alltogether since the cookie banner requires javascript?

Does anyone have experience with it, or would this be too much work to implement?

Link to comment
Share on other sites

  • 3 weeks later...

Isn't it required in the new word of EU web bureaucracy to list every single cookie on demand (by category) and explain what is does, where it's from and can set it individually?

So, for example, in the same example category "my user settings" I can agree to remember a "my selected language" cookie but not another cookie with "my last page visited"?

As Borlabs cookie does it, or Klaro (kind of)?

Am I wrong with my understanding of the current GDPR law situation? Or is this implemented already and I just did not find it?

(Right now I am evaluation this module against using KLARO directy)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By MarkE
      This fieldtype and inputfield bundle was built for storing measurement values within a field, rendering them in a variety of formats and converting them to other units or otherwise modifying them via the API.
      The API consists of a number of predefined functions, some of which include...
      render() for rendering the measurement object, valueAs() for converting the value to another unit value, convertTo() for converting the whole measurement object to different units, and add() and subtract() for for modifying the stored value by the value (converted as required) in another measurement. In the admin the inputfield includes a checkbox (which can be optionally disabled) for converting values on page save. For an example if a value was typed in as centimeters, the unit was changed to metres, and the page saved with this checkbox selected, said value would be automatically converted so that e.g. 170 cm becomes 1.7 m.

      A simple length field using Fieldtype Measurement and Inputfield Measurement.
      Combination units (e.g. feet and inches) are also supported.
      Please note that this module is 'proof of concept' at the moment - there are limited units available and quite a lot of code tidying to do. More units will be added shortly.
      See the GitHub at https://github.com/MetaTunes/FieldtypeMeasurement for full details and updates.
    • By tcnet
      File Manager for ProcessWire is a module to manager files and folders from the CMS backend. It supports creating, deleting, renaming, packing, unpacking, uploading, downloading and editing of files and folders. The integrated code editor ACE supports highlighting of all common programming languages.
      https://github.com/techcnet/ProcessFileManager

      Warning
      This module is probably the most powerful module. You might destroy your processwire installation if you don't exactly know what you doing. Be careful and use it at your own risk!
      ACE code editor
      This module uses ACE code editor available from: https://github.com/ajaxorg/ace

      Dragscroll
      This module uses the JavaScript dragscroll available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability to drag the table horizontally with the mouse pointer.
      PHP File Manager
      This module uses a modified version of PHP File Manager available from: https://github.com/alexantr/filemanager
       
    • By tcnet
      This module implements the website live chat service from tawk.to. Actually the module doesn't have to do much. It just need to inserted a few lines of JavaScript just before the closing body tag </body> on each side. However, the module offers additional options to display the widget only on certain pages.
      Create an account
      Visit https://www.tawk.to and create an account. It's free! At some point you will reach a page where you can copy the required JavaScript-code.

      Open the module settings and paste the JavaScript-code into the field as shown below. Click "Submit" and that's all.

      Open the module settings
      The settings for this module are located int the menu Modules=>Configure=>LiveChatTawkTo.

       
    • By tcnet
      Session Viewer is a module for ProcessWire to list session files and display session data. This module is helpful to display the session data of a specific session or to kick out a logged in user by simply delete his session file. After installation the module is available in the Setup menu.

      The following conditions must be met for the module to work properly:
      Session files
      Session data must be stored in session files, which is the default way in ProcessWire. Sessions stored in the database are not supported by this module. The path to the directory where the session files are stored must be declared in the ProcessWire configuration which is by default: site/assets/sessions.
      Serialize handler
      In order to transform session data easier back to a PHP array, the session data is stored serialized. PHP offers a way to declare a custom serialize handler. This module supports only the default serialize handlers: php, php_binary and php_serialize. WDDX was dropped in PHP 7.4.0 and is therefore not supported by this module as well as any other custom serialize handler. Which serialize handler is actually used you can find out in the module configuration which is available under Modules=>Configure=>SessionViewer.

      Session data
      The session data can be displayed in two different ways. PHP's default output for arrays print_r() or by default for this module nice_r() offered on github: https://github.com/uuf6429/nice_r. There is a setting in the module configuration if someone prefers print_r(). Apart from the better handling and overview of the folded session data the output of nice_r() looks indeed nicer.

      Links
      ProcessWire module directory
      github.com
    • By Robin S
      Repeater Easy Sort
      Adds a compact "easy-sort" mode to Repeater and Repeater Matrix, making those fields easier to sort when there are a large number of items.
      The module also enhances Repeater Matrix by allowing a colour to be set for each matrix type. This colour is used in the item headers and in the "add new" links, to help visually distinguish different matrix types in the inputfield.
      Screencasts
      A Repeater field

      A Repeater Matrix field with custom header colours

      Easy-sort mode
      Each Repeater/Matrix item gets an double-arrow icon in the item header. Click this icon to enter easy-sort mode.
      While in easy-sort mode:
      The items will reduce in width so that more items can be shown on the screen at once. The minimum width is configurable in the field settings. Any items that were in an open state are collapsed, but when you exit easy-sort mode the previously open items will be reopened. You can drag an item left/right/up/down to sort it within the items. The item that you clicked the icon for is shown with a black background. This makes it easier to find the item you want to move in easy-sort mode. You can click an item header to open the item. An "Exit easy-sort mode" button appears at the bottom of the inputfield. Configuration
      In the field settings for Repeater and Repeater Matrix fields you can define a minimum width in pixels for items in easy-sort mode. While in easy-sort mode the items will be sized to neatly fill the available width on any screen size but will never be narrower than the width you set here.
      In the field settings for Repeater Matrix you can define a custom header colour for each matrix type using an HTML "color" type input. The default colour for this type of input is black, so when black is selected in the input it means that no custom colour will be applied to the header.
      Exclusions
      The easy-sort mode is only possible on Repeater/Matrix fields that do not use the "item depth" option.
       
      https://github.com/Toutouwai/RepeaterEasySort
      https://processwire.com/modules/repeater-easy-sort/
×
×
  • Create New...