Jump to content

PrivacyWire - Cookie Management & async external asset loading


joshua

Recommended Posts

Hi @joshua and fellow cookie munchers. I might have spotted another glitch in the cookie matrix.

What I did/tested: 

I changed the version number in the settings.

What happened:

  1. nothing until I cleared the ProCache cache (which is fine I guess), then afterwards...
  2. the cookie banner showed up again and asked for consent (which was expected) BUT...
  3. all external media assets, tracking scripts, etc. were still loading (which was unexpected)
  4. giving consent closed the banner (fine) BUT it came right back on the next page

Why did it happen:

The test user had already given consent and therefore and old entry existed in the local storage which said sure give me cookies and whatever BUT it didn't recognize the new version and therefore didn't revoke the old opt-in/consent on first load with the new version AND wasn't updated after opting in again.

TL;DR

Changing the version number in the settings does not reset/clear/delete/revoke all previously given and stored local storage settings and won't update after giving consent again to the new version.

  • Like 2
Link to comment
Share on other sites

Thanks @wbmnfktr for noticing this!

There really was a bug with the version number and async loading of scripts etc.

I fixed this in V0.2.5.

After changing the version number in the backend (and refreshing ProCache - especially when you have activated the option to minify local Javascript) PrivacyWire will check the version number first before handling the elements requiring consent.
 

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

Today there are two updates for PrivacyWire (newest Version V0.2.7 )

1. The update of elements after giving consent now observs more attributes (also srcset for responsive images and width/height attributes - especially good for iFrames)

2. When the user wants to choose the detailled cookies, there is now a option to show another "Accept All" Button instead of the "Toggle" Button - configurable via module config.

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

On 9/29/2020 at 2:52 PM, DV-JF said:

Is there an opposite option to only show an element if a specific data-category isn't allowed?

I added a feature for this in todays 0.3.0 (not pushed the release tag yet, as there was a lot of rewriting to implement this feature).

If you want to show an opt-in element instead of the consent-required element, just add a data-attribute data-ask-consent="1". Here is an example:

<iframe src="" data-src="https://www.example.com/" data-category="marketing" data-ask-consent="1" frameborder="0" height="400" width="400"></iframe>

In this case, the iframe gets only loaded, when cookies of type "marketing" are allowed. If not, the user will be asked for consent. The text of the consent-window is configurable in the module config.
The markup of this message also includes an css class with the type of cookie, if you want to style them specifically.

  • Like 5
Link to comment
Share on other sites

@joshua thanks for the module.
would you consider changing the header tag into a div?

<header class="privacywire-header"></header>

Some might using page header in their css-files without a class. It might get into style conflicts. What do you think?

  • Like 1
Link to comment
Share on other sites

@ngrmm I had a similar issue and went kind of a different route and added role="main" to my main header and excluded it later on in my PrivacyWire CSS.

header:not([role=main]) {
    // here you go
}

For the moment that should work out quiet nice without any or at least only minor issues - at least when you are working with less, sass, SCSS and similar.

 

  • Like 3
Link to comment
Share on other sites

Thanks a lot for this wonderful module! It works like a charm, except for one little problem:  When I use the "Accept all" button I have to reload the website for the changes to take effect. Selecting specific categories and clicking the "Save preferences" button has immediate effect. Is this an indented behaviour or am I missing something here? 

  • Like 1
Link to comment
Share on other sites

@ngrmm thanks for your input. Semantically header tags are allowed to have multiple instances within one page (e.g. one main page header and one header per <article> etc.).
But I see the point - within the cookie banner a <header> might not be the best semantical element to choose.

To provide backwards compatibility (if someone has already styled the PrivacyWire <header> via CSS) I will add an option to configure the output tag between <header> and <div>.

 

  • Like 2
Link to comment
Share on other sites

@ngrmm That actually was my first type of implementation (separating css and js), but as the CSS file would be very small (554 Byte), it actually is slower to load these two connections vs. loading only one JS file with the CSS included ( even with HTTP/2 - I tested it alot!).

This is the total amount of styles used by PrivacyWire (beautified for better readability):

.privacywire {
    position: fixed;
    bottom: -250%;
    left: 0;
    right: 0;
    box-shadow: 0 -1px 3px rgba(0, 0, 0, .3);
    opacity: 0;
    background: #fff;
    z-index: 1;
    padding: 1rem;
    transition: bottom .3s ease-in, opacity 1s ease-out
}

.privacywire .privacywire-header {
    font-weight: 700
}

.show-banner .privacywire.privacywire-banner,
.show-message .privacywire.privacywire-message,
.show-options .privacywire.privacywire-options {
    bottom: 0;
    opacity: 1;
    transition: bottom .3s ease, opacity .3s ease
}

.privacywire button[hidden],
[data-ask-consent-rendered="1"],
div.privacywire-ask-consent-blueprint {
    display: none
}

You could do the following:

1. Uncheck the config checkbox "Add basic CSS Styling":

grafik.png.a35fcb159fae0b193a4918cffc22b8a8.png
2. Add the styles to your own stylesheet.

  • Like 4
Link to comment
Share on other sites

Nice work!

Question:

I'm finding myself in need of many changes in the banner template, so I had to hook-replace the module's 'render' method.

Would be useful to isolate the path retrieving code in separate hookable functions? Like this:

    /**
     * checks for a banner template alternate path
     * @return string   the path of the banner template file
     */
    public function ___getBannerTemplate()
    {
        return $this->wire('config')->paths->$this . 'PrivacyWireBanner.php';
    }

    /**
     * checks for a javascript file alternate path
     * @return string   the path of the banner template file
     */
    public function ___getJsFile()
    {
        return ($this->add_basic_css_styling) ? $this->wire('config')->urls->$this . "js/PrivacyWire.js" : $this->wire('config')->urls->$this . "js/PrivacyWireUnstyled.js";
    }

Then, I could use it (I am using it, actually) like this (in /site/ready.php):


// my front pages are all extending a FrontPage class
// see https://processwire.com/blog/posts/pw-3.0.152/#new-ability-to-specify-custom-page-classes
if (page() instanceof FrontPage) {

    $wire->addHookAfter('PrivacyWire::getBannerTemplate', function ($event) {
        $event->replace = true;
        $default_path = $event->return;
        $filename = pathinfo($default_path, PATHINFO_BASENAME);
        // my override is in /site/templates/modules/PrivacyWire/PrivacyWireBanner.php
        $override_path = paths()->templates.'modules/PrivacyWire/'.$filename;
        $event->return = is_readable($override_path) ? $override_path : $default_path;
    });

}

 

Or even simpler (for me ?), those could be two new config keys, like 'alternateBannerTemplate' and 'alternateJsFile'.

 

This would also cover the case of needing to change the header tag, so it could be dropped (just a thought, don't hit me in the head, you valiant head tag config defenders ?).

Edited by The G
Corrected embarassing code blooper
  • Like 1
Link to comment
Share on other sites

@The G Your wish is my command ?

I just added another config option for an alternative banner template file! In addition (to be even more flexible ? ) I included your idea of the hookable methods for banner template and js file.

grafik.thumb.png.deb17e56c5937565eb3a2b72a180b36c.png

/**
* checks for a alternate banner template path
* @return string   the path of the banner template file
**/
public function ___getBannerTemplateFile()
{
	return (!empty($this->alternate_banner_template) && file_exists($this->wire('config')->paths->root . $this->alternate_banner_template)) ? $this->wire('config')->paths->root . $this->alternate_banner_template : $this->wire('config')->paths->$this . 'PrivacyWireBanner.php';
}

So now you have to decide whether you prefer to hook or configurate ?

--> 0.3.3 <--

  • Like 4
  • Thanks 2
Link to comment
Share on other sites

So, excited to use the updated version as I was, there was no time for RTFM - even if there was clearly written

without leading slash

, I merrily entered

/site/templates/modules/PrivacyWire/PrivacyWireBanner.php

and BANG!, ProcessWire shouted at me for wanting to use a not allowed path (because of the resulting double slash). I'm still trembling!

Since it breaks so hard, I'm wondering if the input could be somehow forced to loose the leading slashes forgotten by irresponsible people like yours truly. Sadly, I'm not well versed (yet!) in module configuration input validation/modification.

Or at least, write "without leading slash" in bold letters ?

  • Like 1
Link to comment
Share on other sites

Hey @joshua! Would you consider making this module installable via Composer?

Technically this just requires a) adding a composer.json file where you specify project name, type ("pw-module"), and a dependency for installer plugin (preferably wireframe-framework/processwire-composer-installer), b) adding the project to packagist.org, and c) (optional, but recommended) setting up a webhook between GitHub and Packagist so that new releases become automatically available at Packagist (or giving Packagist the permission to handle this step).

Here's an example composer.json from ProcessRedirects: https://github.com/apeisa/ProcessRedirects/blob/master/composer.json.

Thanks in advance for considering this ?

  • Like 3
Link to comment
Share on other sites

  • 4 weeks later...

Hello all.

I decided to try PrivacyWire as had a request for one of my friends websites. So I proceeded to install and configure the module as needed, however I am stuck at how would the cookie consent appear on Home page (banner is not showing automatically). Can someone point me what am I missing as I checked 3 times the configs and did not find a markup to insert or a template to point to in the admin?

Link to comment
Share on other sites

Hello @wbmnfktr

I shall stop coding during late hours of the night. You were absolutely right that during my initial tests on localhost, I've slipped to close properly the body tag and that was causing the issue.

Thank you very much for the spotting and sharing what was obvious. It is all showing properly now, so I only would style it to fit the frontend.

  • Like 1
Link to comment
Share on other sites

Hi @joshua

i tried to have an iframe only be shown if consent is given.
This is my code:

<div data-category='external_media' data-ask-consent='0'>
	<div class='video_content' >";
		<iframe src='https://www.youtube-nocookie.com/embed/XXXXXXXXXX?enablejsapi=1' width='640' height='390' frameborder='0'></iframe>
	</div>
</div>

If consent for external_media is not given, the module asks you to give consent. „To load this element, it is required to consent to the following cookie category: External Media.“ 
But if consent is given, it does not show the div.video_content or the iframe. I tested to have some plaintext instead of the iframe and it works.

So this works:

<div data-category='external_media' data-ask-consent='0'>
	<div class='video_content' >
		<p>hello world!</p>
	</div>
</div>

And it looks like as if  0 or 1 for data-ask-consent does not make any difference.

UPDATE:
my fault, this works!
 

<div class='video_content' >";
	<iframe src='' data-src='https://www.youtube-nocookie.com/embed/XXXXXXXXXX?enablejsapi=1' data-category='external_media' data-ask-consent='0' width='640' height='390' frameborder='0'></iframe>
</div>

 

Edited by ngrmm
solved
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...