Jump to content

PrivacyWire - Cookie Management & async external asset loading


joshua

Recommended Posts

 

20 hours ago, The G said:

Why would you want to include both PrivacyWire.js and PrivacyWireUnstyled.js?

@The G After your post I understood that only one of the mentioned JS files is required. In any case I would like to manage for less HTTP requests as possible. In particular, I would like to merge PrivacyWire JS code into the ProCache JS minified file, and make the same for the CSS.

 

The following procedure makes PrivacyWire to work but still performing one more HTTP request for retrieving the JS file (PrivacyWire.js/PrivacyWireUnstyled.js) in combination with ProCache. 

  1. In PrivacyWire config option, check "Render Banner and Header Content Manually" and uncheck "Add basic CSS Styling".
  2. In directory /site/css/, create the file PrivacyWire.css which includes the PrivacyWire CSS statements.
  3. In source code, add:
<head>
  ...
  
  <link rel="stylesheet" type="text/css" href="<?= $procache->css([
    ...,
    '../assets/css/PrivacyWire.css'
  ]); ?>"></script>
  
  <?php 
    echo $modules->get('PrivacyWire')->renderHeadContent(); 
  ?>
  
</head>
<body>
  ...
  
  <?php
    echo $modules->get('PrivacyWire')->renderBodyContent();
  ?>
</body>

IMHO The above-mentioned PrivacyWire.css file, even if small sized, should be added in the PrivacyWire module directory by design.

 

The issue is that PrivacyWire loads PrivacyWire.js/PrivacyWireUnstyled.js in all cases. Nothing stops it to perform the one more HTTP request to get the JS file.

PW-PrivacyWire-HTTP_Request.thumb.jpg.560bc267333f450baaea5206d4abfadb.jpg

I would like to avoid this behaviour in order to merge the PrivacyWire JS and CSS code into ProCache JS and CSS chaining. With the above code I can do it for the CSS file but not for the JS file.

Link to comment
Share on other sites

Hmm, I think you didn't read the instructions carefully enough. Did you notice a "Use ProCache JS Minification (if available)" checkbox near the end of the settings? Not tried it myself, but AFAIK you don't need to mess with other settings if what you want is just ProCache minification.

Try this: uncheck "Render Banner and Header Content Manually", take out the code you manually inserted into the templates and check "Use ProCache JS Minification (if available)".

Regarding CSS: styles are inserted by JavaScript (PrivacyWire.js), so no module CSS file is needed. If you choose the unstyled version, the module will load PrivacyWireUnstyled.js instead leaving the styling up to you (I chose to use the unstyled version and insert the needed styles into my main CSS file, since it will be loaded on every page. Either way seem good solutions to me - the styles are only needed together with the JavaScript.

Off-topic: I'd love an inline code plugin for the forum's editor.

Link to comment
Share on other sites

24 minutes ago, The G said:

Hmm, I think you didn't read the instructions carefully enough. Did you notice a "Use ProCache JS Minification (if available)" checkbox near the end of the settings? Not tried it myself, but AFAIK you don't need to mess with other settings if what you want is just ProCache minification.

@The G I noticed of that config option, but the "one more HTTP request" is still performed either way by checking and unchecking the "Use ProCache JS Minification (if available)". I would like to merge the PrivacyWire JS code (PrivacyWire.js/PrivacyWireUnstyled.js) into my ProCache JS minified file.

That is, I would like to make something like this:

<head>
  ...
  
  <script src="<?= $procache->js([
    ...,
    '../modules/PrivacyWire/js/PrivacyWireUnstyled.js'
  ]); ?>"></script>
  
  ...
</head>

And stop PrivacyWire to perform its "one more HTTP request" to get the PrivacyWire.js/PrivacyWireUnstyled.js file (ProChaced or not) since I load it myself.

The point here is avoiding the "one more HTTP request". It's a matter of performance.

 

IMHO A config option for this should be added or improved. 

Link to comment
Share on other sites

I don't think that the file you see requested comes from the module. Pro Cache should automatically merge and minify PrivacyWireUnstyled.js.

Did you took out the code you added in the templates and cleared the cache afterwards? Try uninstalling the module and see if you still have PrivacyWireUnstyled.js requested. Don't forget to clear the cache after any change.

Link to comment
Share on other sites

1 hour ago, The G said:

I don't think that the file you see requested comes from the module. Pro Cache should automatically merge and minify PrivacyWireUnstyled.js.

I think the PrivacyWire.js/PrivacyWireUnstyled.js file is requested by the PrivacyWire module (see functions ___render()renderHeadContent() > ___getJsFile()). ProCache automatically merges and minifies all js/css files into one file only if in PW Admin > Setup > ProCache the "merge options" are checked BTW since my js/css files change from page to page, I uncheck all these "merge options" (as also advised in ProCache itself).

In other words, I would like to have more control on what is loaded by PrivacyWire.

 

1 hour ago, The G said:

Did you took out the code you added in the templates and cleared the cache afterwards? Try uninstalling the module and see if you still have PrivacyWireUnstyled.js requested. Don't forget to clear the cache after any change.

Of course, if I uninstall the PrivacyWire module I don't get the HTTP request that retrieves the PrivacyWire.js/PrivacyWireUnstyled.js file.

Link to comment
Share on other sites

4 hours ago, LAPS said:

[...]

That is, I would like to make something like this:


<head>
  ...
  
  <script src="<?= $procache->js([
    ...,
    '../modules/PrivacyWire/js/PrivacyWireUnstyled.js'
  ]); ?>"></script>
  
  ...
</head>

[...]

 The module's output uses the same function (renderHeadContent) :

<script defer src='{$this->wire('modules')->get('ProCache')->js($this->getJsFile())}'></script>

One way to insert just the JavaScript URL in your array would be to check "Render Banner and Header Content Manually" and to use $modules->get('PrivacyWire')->getInlineJs() and $modules->get('PrivacyWire')->getJsFile() instead of $modules->get('PrivacyWire')->renderHeadContent().

 

Edited by The G
Syntax highlighting
  • Like 3
Link to comment
Share on other sites

The following procedure makes PrivacyWire to work in combination with ProCache, performing the minimum amount of HTTP requests. 

  1. In PrivacyWire config option, check "Render Banner and Header Content Manually" and uncheck "Add basic CSS Styling".
  2. In directory /site/css/, create the file PrivacyWire.css which includes the PrivacyWire CSS statements.
  3. In source code, add:
<head>
  ...
  
  <!-- CSS -->
  
  <link rel="stylesheet" type="text/css" href="<?= $procache->css([
    ...,
    '../assets/css/PrivacyWire.css'
  ]); ?>"></script>
  
  
  <!-- JS -->
  
  <!-- Note: Here order is important. Render these two lines before adding PrivacyWireUnstyled.js -->
  <script>var PrivacyWireSettings=<?= $modules->get('PrivacyWire')->getInlineJs() ?></script>
  <?= $modules->get('PrivacyWire')->renderBodyContent(); ?>
  
  <script src="<?= $procache->js([
    ...,
    '../modules/PrivacyWire/js/PrivacyWireUnstyled.js'
  ]); ?>"></script>
  
</head>
<body>
  ...
</body>

Not an elegant way to make things but it works.

Any improvement is welcome.

Link to comment
Share on other sites

Hi everyone,

did I understood it correctly, that you want to to include the JS provided by PrivacyWire in one combined file with your other JS files via ProCache?
And the same with the CSS styles?
This actually requires some steps, as PrivacyWire needs the inline script (to pass the backend settings to the frontend), the body content (to have the DOM elements of the banner) and the JS file (to provide the functionality).

With the newest PrivacyWire version (0.4.4) you can do it that way:

Check the "Render Banner and Header Content Manually" in the PrivacyWire config options:
grafik.png.153d046c2033e3927801d2f356918c8d.png

Add the required elements as followed:

<html>
  <head>
    <!-- your head content -->
    <?php
    // load the css files
    echo $procache->link([
        $config->urls->template . "path/to/your/stylesheet.css",
        $modules->get("PrivacyWire")->getPathToCssFile()
    ]);
    
    // load the inline script -> needs to be before the other scripts
    echo $modules->get("PrivacyWire")->getInlineJavaScriptTag();
    ?>
  </head>
  <body>
    <!-- your body content -->
    <?php
    // render the required DOM elements
    echo $modules->get("PrivacyWire")->renderBodyContent();
    
    // render the JavaScript files
    echo $procache->script([
    $config->urls->template . "path/to/your/scripts.js",
    $modules->get("PrivacyWire")->getJsFile()
]);
    ?>
  </body>
</html>

 

  • Like 1
Link to comment
Share on other sites

22 hours ago, Torsten Baldes said:

Is there a way (a public js function) to trigger the functionality (loading iframes) for elements which are added dynamically?

Hi @Torsten Baldes,

right now there is no such functionality available. I'm will try some ways to implement this soon.

Link to comment
Share on other sites

1 hour ago, joshua said:

did I understood it correctly, that you want to to include the JS provided by PrivacyWire in one combined file with your other JS files via ProCache?

Yes

1 hour ago, joshua said:

And the same with the CSS styles?

Yes

 

Waiting for the availability of the newest PrivacyWire version (0.4.4) to give it a try.

Link to comment
Share on other sites

Hey everyone,

I did a lot of refactoring of PrivacyWire this weekend - both for the backend and frontend.
The Javascript core of PrivacyWire is nearly completely rewritten in ES6. This results in much better readability and of course extensibility. For examle, as asked by @Torsten Baldes, one can now manually trigger to refresh the element detection of PrivacyWire by simple running the following function afterwards:

window.PrivacyWire.refresh();

You'll find a brief overview of the updates here: https://github.com/blaueQuelle/privacywire/blob/es6/CHANGELOG.md#101b-beta

Right now this update is in an separate branch at github: https://github.com/blaueQuelle/privacywire/tree/es6
I would be happy if some of you could test this version in your dev environment.
If you haven't used any hooks or modifications, it should just run without any changes.

I'm looking forward to your feedback! ?

Best,
Joshua

 

Edited by joshua
Updated version number
  • Like 4
  • Thanks 2
Link to comment
Share on other sites

@LAPS With this new version, there are even more customizations available. Have a look into the comments in PrivacyWire.module.

This example code does the same as the one from my post from last Friday, but with the new syntax of the new version:

<html>
  <head>
    <!-- your head content -->
    <?php
    $privacywire = $modules->get("PrivacyWire");
    // load the css files
    echo $procache->link([
        $config->urls->template . "path/to/your/stylesheet.css",
        $privacywire->getPrivacyWireStyles()->url
    ]);
    
    // load the inline script
    echo $privacywire->renderPrivacyWireConfigAsInlineJs();
    ?>
  </head>
  <body>
    <!-- your body content -->
    <!-- your body content -->
    <!-- your body content -->
    <?php
    // render the required DOM elements
    echo $privacywire->bodyContent;
    
    // render the JavaScript files
    echo $procache->script([
    $config->urls->template . "path/to/your/scripts.js",
    $privacywire->getPrivacyWireCore()->url
]);
    ?>
  </body>
</html>

 

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...

@joshua is there something like a „clear cookie“ function?

Let's say user clicks on „allow all“ and some google-cookies (statistics) are set. Now users changes his mind and will go to the cookie-options and unset the statistics-cookie checkbox and saves his options. Right now the statistics-cookies remain.

Link to comment
Share on other sites

Right now there is no "clear cookie" function. You could add an custom js function, which gets triggered after saving the consent and insert the function name in the module config option.

grafik.png.3b13bd981f7e2d76d228cf879f4b33a8.png

One easy way to not use google analytics afterwards, would be a simple reload:

var reloadAfterConsent = function() {
  window.location.reload();
};

After the reload, the google script will not be loaded again, but the cookies will remain.

To also delete existing cookies, some extra work is needed as PrivacyWire don't know, what cookies got set by which script and you probably don't want to delete all cookies.
You could write a function to check for current consent state and delete cookies, if no consent to a specific category is given.
Here is a very rough (and not tested in real life) idea, how you could do something like this:

function eraseCookie(name) {   
    document.cookie = name+'=; expires=Thu, 01 Jan 1970 00:00:00 UTC;';  
}

var removeGoogleCookies = function() {
  if(window.PrivacyWire.userConsent.cookieGroups.statistics !== true) {
    eraseCookie("_ga");
    eraseCookie("_gid");
	// or whatever your cookie names are
  }
};

And then add removeGoogleCookies to the "Trigger a custom js function" config option. This script is written with the new logic from the ES6 branch, should also work in earlier versions with different naming though.

 

  • Like 1
Link to comment
Share on other sites

great! thanks again @joshua

But i wasn't able to find any info in the window object path you suggested.
I found it here: window.localStorage.privacywire
 

But this

console.log(window.localStorage.privacywire)

outputs a string, so i'm not able to check with

if(window.localStorage.privacywire.statistics !== true) {
	// remove cookies
}

Am i missing something?

Link to comment
Share on other sites

As far as I know, you only can store strings in localStorage. So, without having a look into the code, I know it is common usage to stringify objects before writing them into localStorage, and to JSON.parse() them after retrieving from it. Just try something like this:

var obj = JSON.parse(window.localStorage.getItem('privacyWire'));

 

  • Like 1
Link to comment
Share on other sites

thanks @horst

for js-beginners like me here is my solution:

function eraseCookie(name) {
  document.cookie = name+'=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; Domain=.your-domain.tld;';  
}

var privacyWireCookies = JSON.parse(window.localStorage.getItem('privacywire'));

if (privacyWireCookies !== null) {
  if(privacyWireCookies.statistics == false) {
  	eraseCookie("cookiename");
  }
}

Be aware that you have set the domain to be able to remove the cookies for google-analytics!

Edited by ngrmm
  • Like 1
Link to comment
Share on other sites

On 4/17/2020 at 2:53 PM, PK Mi43 said:

Hello everyone,

first of all thank you @joshua for your example with external media. Greatly appreciated.

Right now i was tasked to integrate a Facebook Pixel onto a website. I assume i just do the same i did with Google Analytics and add the type/data-type/data-category "statistics" to the <script> tag. Easy!?

What about the following part:


<noscript>
  <img height="1" width="1" src="https://www.facebook.com/tr?id=yourfacebookid&ev=PageView&noscript=1"/>
</noscript>

Can/do i use the same procedure just with <noscript> instead of <script>, e. g.


<noscript type="optin" data-type="text/javascript" data-category="statistics">

or do i use the new (v0.0.5) implemented


<img type="optin" data-category="statistics" data-src="https://www.facebook.com/tr?id=yourfacebookid&ev=PageView&noscript=1" width="1" height="1">

without the <noscript></noscript> part?

 

Thanks in advance for your help, again. Have a great weekend and stay safe.

@joshua is there any solution for this?

 

 

Link to comment
Share on other sites

1 minute ago, joshua said:

Without enabled JavaScript (thus the <noscript> tag), it is not possible to asynchronously load something (as there is no JavaScript to do so – chasing one's own tail).

?

ok, is it possible to do this via php?

$_COOKIE["cookieName"];

 

Link to comment
Share on other sites

Just now, ngrmm said:

ok, is it possible to do this via php?

In theory yes, but as PrivacyWire is not able to set the cookie without JavaScript in the first place, there is no cookie or localStorage to check.
Also caching might be a problem when doing this with php.

 

Link to comment
Share on other sites

EDIT: found the problem!

| orig. post ------------------------------------------------------------->

I have a need to manually use the textformatters of VideoEmbed and PrivacyWire. As far as I understand it, it should be possible to do it with VieoEmbed first and PrivacyWire second. But it seems not to match with the video I tried.

My code is:

// A)
$videoMarkup =  "<p>{$blogitem->blog_video_url}</p>";

// B)
$mod = wire('modules')->get('TextformatterVideoEmbed');
$mod->format($videoMarkup);

// C)
$mod = wire('modules')->get('TextformatterPrivacyWire');
$mod->format($videoMarkup);

Debug outputs are:

// A)
array(1) 
{
  ["$videoMarkup"] string(49) "
<p>https://youtu.be/XXXXXXXXXX</p>
"
}

// B)
array(2) 
{
  ["Textormatter"]           object(ProcessWire\TextformatterVideoEmbed)#458 (1) 
  {
    ["data"]                 array(7) 
    {
      ["maxWidth"]           int(640)
      ["maxHeight"]          int(480)
      ["responsive"]         int(1)
      ["rewind2start"]       int(1)
      ["clearCache"]         string(0) ""
      ["uninstall"]          string(0) ""
      ["submit_save_module"] string(8) "Absenden"
    }
  }
  ["$videoMarkup"]           string(492) "
<div class='TextformatterVideoEmbed' style='position:relative;padding:30px 0 56.25% 0;height:0;overflow:hidden;'><iframe style='position:absolute;top:0;left:0;width:100%;height:100%;' width="640" height="360" src="https://www.youtube.com/embed/XXXXXXXXXX?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></div>
"
}

// C)
array(2) 
{
  ["Textormatter"]           object(ProcessWire\TextformatterPrivacyWire)#491 (1) 
  {
    ["data"]                 array(5) 
    {
      ["open_tag"]           string(2) "[["
      ["close_tag"]          string(2) "]]"
      ["video_category"]     string(14) "external_media"
      ["uninstall"]          string(0) ""
      ["submit_save_module"] string(8) "Absenden"
    }
  }
  ["$videoMarkup"]           string(492) "
<div class='TextformatterVideoEmbed' style='position:relative;padding:30px 0 56.25% 0;height:0;overflow:hidden;'><iframe style='position:absolute;top:0;left:0;width:100%;height:100%;' width="640" height="360" src="https://www.youtube.com/embed/XXXXXXXXXX?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></div>
"
}

 

Is it wrong how I used it, or why isn't it working as expected, or where can I look into to find the reason?

<------------------------------------------------------------ orig. post |

 

EDIT: To answer my own question: "Yes I used it wrong!" ?

// C)
$mod = wire('modules')->get('TextformatterPrivacyWire');
$mod->format($videoMarkup);

This was wrong. The TextformatterPrivacyWire module only supports the method ->formatValue(), not ->format(). The following line works and now the result is as expected:

$mod->formatValue(new Page(), new Field(), $videoMarkup);

So, just wondering why it not uses the format() method, because there seems no need for a page and a field?

Edited by horst
SOLVED the problem!
Link to comment
Share on other sites

  • 1 month later...

I installed PrivacyWire and am having a hard time testing if it's doing what it should. I can check the cookies in the Google Chrome console under "Application". Before I accept and if I reject the cookies in question, there shouldn't be any, otherwise there should, right? Well they are never there, no matter how.

Here's what I do and what I use to test.

<iframe 
src="https://player.vimeo.com/video/<?=$page->vimeoID;?>?color=5a90ff&portrait=0" 
style="position:absolute;top:0;left:0;width:100%;height:100%;" 
frameborder="0" 
allow="autoplay; fullscreen" 
allowfullscreen>
</iframe>
<script data-src="https://vimeo.com/" data-category="marketing" src="https://player.vimeo.com/api/player.js"></script>

As you can see, i put data-src="https://vimeo.com/" data-category="marketing" inside the script tag so to categorise the cookies set by this script as marketing-cookie. Is that right? Is that enough? Should that work? Maybe there just is no cookie set by the vimeo-script and I waste my time to handle it? 

Also, I have a newsletter-subscripion form using a third-party newsletter-service. I guess I need to add another data-attributes to the <script> in use. What category would that be? 

thanks for help

EDIT:

actually, when I view the embedded video on the website, no cookie is set. But if I click on the vimeo-link inside the viewer, bringing me to vimeo.com, I get 13 cookies expiring in 1 year. Whether I don't select anything in the cookie consent, "accept only necessary cookies" or "accept marketing cookies" doesn't make any difference, it's always 13 cookies. Doesn't seem right…

The cookie domain of these 13 cookies in the console is .vimeo.com, so are they out of scope? Maybe it's just my lack of understanding… 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...