joshua

PrivacyWire - Cookie Management & async external asset loading


This module is (yet another) way of implementing a cookie management solution.

Of course there are several other possibilities:
- https://processwire.com/talk/topic/22920-klaro-cookie-consent-manager/
- https://github.com/webmanufaktur/CookieManagementBanner
- https://github.com/johannesdachsel/cookiemonster
- https://www.oiljs.org/
- ... and so on ...

In this module you can configure which kinds of cookie categories you want to manage:
[Screenshot: PrivacyWire module config]
You can also enable support for respecting the Do-Not-Track (DNT) header, so as not to annoy users who have already decided for their whole browsing experience.

Currently there are four possible cookie groups:
- Necessary (always enabled)
- Statistics
- Marketing
- External Media
All groups can be renamed, so feel free to use other cookie group names. I just haven't found a way to implement a "repeater like" field as configurable module field ...

When you want to load specific scripts (like Google Analytics, Google Maps, ...) only after the user's consent to this specific category of cookies, just use the following script syntax:

<script type="text/plain" data-type="text/javascript" data-category="statistics" data-src="/path/to/your/statistic/script.js"></script>
<script type="text/plain" data-type="text/javascript" data-category="marketing" data-src="/path/to/your/marketing/script.js"></script>
<script type="text/plain" data-type="text/javascript" data-category="external_media" data-src="/path/to/your/external-media/script.js"></script>

<script type="text/plain" data-type="text/javascript" data-category="marketing">console.log("Inline scripts are also working!");</script>

The type has to be "optin" to get recognized by PrivacyWire; the data attributes give hints on how the script shall be loaded if the data-category is within the cookie consents of the user. These scripts are loaded asynchronously after the user has made the decision.

If you want to give the users the possibility to change their consent, you can use the following Textformatter:

[[privacywire-choose-cookies]]

It's also planned to add other Textformatters to opt out of specific cookie groups or delete the whole consent cookie.
You can also add a custom link to output the banner again with a link / button with the following class:

<a href="#" class="privacywire-show-options">Show Cookie Options</a>

<button class="privacywire-show-options">Show Cookie Options</button>

This module is still in development, but we already use it on several production websites.
You find it here: PrivacyWire Git Repo
Download as .zip

I would love to hear your feedback 🙂

CHANGELOG

  • 0.1.1 Debugging: fixed error during uninstall
  • 0.1.0 Added new detection of async scripts for W3C Validation
  • 0.0.6 CSS-Debugging for hiding unused buttons, added ProCache support for the JavaScript tag
  • 0.0.5 Multi-language support included completely (also in TextFormatter). Added possibility to async load other assets (e.g. <img type="optin" data-category="marketing" data-src="https://via.placeholder.com/300x300">)
  • 0.0.4 Added possibility to add an imprint link to the banner
  • 0.0.3 Multi-language support for module config (still in development)
  • 0.0.2 First release
  • 0.0.1 Early development
  • Like 19
  • Thanks 3


@joshua Nice! Thanks for sharing.

Can this module be used for multi-lingual sites? i.e. If I wanted to translate the banner texts and labels, is that possible out of the box? Or would I have to manually re-define the module's text fields as text/textarea language?

  • Like 1


Right now only the default values can be overwritten via language translation files.
But good hint - I'll add multi-language support for the config fields as well.

  • Like 6


Wow... thanks @joshua for this.

This is really a nice extension or more advanced and often asked for solution.
I will definitely try this and check out what is possible with your module.

Great work!

  • Like 1


You can simply write your own CSS. In the module included are only some basic styles (less than 500 byte) which are directly included via JS. I tried to keep the module as slim as possible, the javascript has only 3.05 kb (gzipped) with all the functionality.
You can see an example of styling at our website or this website.

I usually only style the div.privacywire and the buttons to match the website styles.

On 2/16/2020 at 4:07 PM, dragan said:

Can this module be used for multi-lingual sites? i.e. If I wanted to translate the banner texts and labels, is that possible out of the box? Or would I have to manually re-define the module's text fields as text/textarea language?

I today integrated the multi-language support for all the config fields.

  • Like 3
  • Thanks 1


Update - Version 0.0.6

  • Minor CSS-Debugging (hiding the choose button when no cookie group is selected)
  • Added ProCache support for the script tag, when ProCache is installed
  • Like 2


Hi @joshua,

thank you for this great module! Would you consider a suggestion to enable an "option out" approach on the check-boxes. I know this is controversial, but some clients insist on having this. 

Another question, do you know if there's a way to have a granular control on the scripts loaded by Google Tag Manager?


Hi Sergio,

thank you! 🙂 Glad you like the module. I actually never thought about the "opt out" approach as our customers or their "Data protection officer" requested the opt-in version.
Do you mean this approach for "pre-selecting" the checkboxes within the choose-window? That would not be too hard to implement; I could add an option for this to the module config.
It would be more difficult to automatically load all scripts on page load and only stop specific categories when the user chooses to opt out.

About the Google Tag Manager: I have no experience in this kind of granular control within the GTM. Maybe this article could help?

 

 

  • Like 1

16 hours ago, Sergio said:

Another question, do you know if there's a way to have a granular control on the scripts loaded by Google Tag Manager?

With klaro consent manager you can gain control over the scripts loaded by GTM. See this issue. (I'm not affiliated with that project in any way, just using it on a couple of sites)

It is implemented via custom callback functions for each app that is managed by the consent manager. @joshua Maybe you could go a similar route to make configuration more flexible and tweakable? And thanks for putting this together!

And a suggestion for improvement: The type="optin" attribute is not a valid script attribute. So W3C Validator will not like it. You could use text/plain instead. That is not very semantic but could help to pass validator tests...

  • Like 3

6 hours ago, joshua said:

More difficult would it be to automatically load all scripts on page load and only stop specific categories, when the user choose to opt-out.

Yep, that's the challenge indeed. I need to take a look at how Klaro does that, as mentioned by @gebeer. 


Hello everyone,

I managed to implement your module and integrate GTM with it like in the examples you've posted from your websites. Thank you for that!

Two things I would like to ask:

  1. It seems that the Imprint and Privacy Policy URLs are ignoring the different languages. It doesn't matter if I use the full https-url or just /de/impressum/ | /en/imprint/ etc., it will always link me to the default language. Am I doing something wrong or is this a minor bug?
  2. Could you give an example how to handle external media like embedded YouTube-Videos or GoogleMaps? Unfortunately my skills and knowledge are not good enough to manage it on my own.

Thanks in advance and stay safe.

 

  • Like 1


Thanks for your feedback!

I'll look into the bug about the privacy URL in different languages later today.
For embedding videos I'll also write an example and update the main post later with this.

  • Like 2


Thank you for this module. It works great.

I ran my webpage through W3C validation and it gave me these errors. Any suggestions on how to fix it? (Procache strips the quotes, but it's in the code). Thank you.

  1. Error: Bad value optin for attribute type on element script: Subtype missing.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=Ufkjdkfj"></scri

  2. Error: Element script must not have attribute async unless attribute src is also specified or unless attribute type is specified with value module.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=dfdfdfdf"></scri

  • Like 1

On 3/25/2020 at 4:20 PM, PK Mi43 said:

Hello everyone,

I managed to implement your module and integrate GTM with it like in the examples you've posted from your websites. Thank you for that!

Two things I would like to ask:

  1. It seems that the Imprint and Privacy Policy URLs are ignoring the different languages. It doesn't matter if I use the full https-url or just /de/impressum/ | /en/imprint/ etc., it will always link me to the default language. Am I doing something wrong or is this a minor bug?
  2. Could you give an example how to handle external media like embedded YouTube-Videos or GoogleMaps? Unfortunately my skills and knowledge are not good enough to manage it on my own.

Thanks in advance and stay safe.

 

Thanks again for your feedback. I tested the privacy & imprint URLs and there really was a small bug about the multi language URLs.
When you update the module the multi language URLs should work now.

Example of external media:

<!-- This is the output container -->
<div id="player"></div>


<script type="optin" data-type="text/javascript" data-category="external_media">
  // 2. This code loads the IFrame Player API code asynchronously.
  var tag = document.createElement('script');

  tag.src = "https://www.youtube.com/iframe_api";
  var firstScriptTag = document.getElementsByTagName('script')[0];
  firstScriptTag.parentNode.insertBefore(tag, firstScriptTag);

  // 3. This function creates an <iframe> (and YouTube player)
  //    after the API code downloads.
  var player;
  function onYouTubeIframeAPIReady() {
    player = new YT.Player('player', {
      height: '360',
      width: '640',
      videoId: 'M7lc1UVf-VE',
      events: {
        'onReady': onPlayerReady,
        'onStateChange': onPlayerStateChange
      }
    });
  }

  // 4. The API will call this function when the video player is ready.
  function onPlayerReady(event) {
    event.target.playVideo();
  }

  // 5. The API calls this function when the player's state changes.
  //    The function indicates that when playing a video (state=1),
  //    the player should play for six seconds and then stop.
  var done = false;
  function onPlayerStateChange(event) {
    if (event.data == YT.PlayerState.PLAYING && !done) {
      setTimeout(stopVideo, 6000);
      done = true;
    }
  }
  function stopVideo() {
    player.stopVideo();
  }
</script>

See this for more info about the YouTube API. The code above is from their example.

  • Like 2
  • Thanks 1

On 3/27/2020 at 1:40 PM, montero4 said:

Thank you for this module. It works great.

I ran my webpage through W3C validation and it gave me these errors. Any suggestions on how to fix it? (Procache strips the quotes, but it's in the code). Thank you.

  1. Error: Bad value optin for attribute type on element script: Subtype missing.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=Ufkjdkfj"></scri

  2. Error: Element script must not have attribute async unless attribute src is also specified or unless attribute type is specified with value module.

    From line 1, column 30; to line 1, column 174

    l lang=en><script type=optin data-type=text/javascript data-category=statistics async data-src="https://www.googletagmanager.com/gtag/js?id=dfdfdfdf"></scri

That's right, currently the W3C does not validate.  @gebeer also mentioned this with the possible solution to use "text/plain" instead of "optin".
I'm planning to implement this solution, but as an optional addition to keep backwards compatibility for the users who already use the "optin" variant.

  • Like 3
  • Thanks 1


Thank you for this module. I like it.

Is there a possibility to notice them who saves the cookie? To make a documentation of it. So far I know, the privacy policy says, you have to do that.

It's very strange and nonsensical in my opinion. Perhaps it is possible to make an entry in logs. This would be very great.

Perhaps others know, what is really necessary.


Hi @joshua,

I really like your module, especially the way scripts are loaded asynchronously. Thank you for sharing!

It would be nice if you would use data-type="optin" instead of type="optin" in order to have valid HTML5.
 

Many greets!


By the way: This is really helpful.

On 2/16/2020 at 1:07 PM, joshua said:

<img type="optin" data-category="marketing" data-src="https://via.placeholder.com/300x300">

@joshua Is there an opposite option to only show an element if a specific data-category isn't allowed? I want to display the link for managing cookies only to users if cookies of a certain kind are not allowed.


Hello everyone,

First of all, thank you @joshua for your example with external media. Greatly appreciated.

Right now I was tasked to integrate a Facebook Pixel onto a website. I assume I just do the same I did with Google Analytics and add the type/data-type/data-category "statistics" to the <script> tag. Easy!?

What about the following part:

<noscript>
  <img height="1" width="1" src="https://www.facebook.com/tr?id=yourfacebookid&ev=PageView&noscript=1"/>
</noscript>

Can/do I use the same procedure just with <noscript> instead of <script>, e.g.

<noscript type="optin" data-type="text/javascript" data-category="statistics">

or do I use the new (v0.0.5) implemented

<img type="optin" data-category="statistics" data-src="https://www.facebook.com/tr?id=yourfacebookid&ev=PageView&noscript=1" width="1" height="1">

without the <noscript></noscript> part?

 

Thanks in advance for your help, again. Have a great weekend and stay safe.


I've updated the module today to add the W3C validation.
Starting now the type can be "text/plain" instead of "optin", the js will detect the elements via the data-category attribute. I will update the documentation.

On 4/9/2020 at 5:45 PM, DV-JF said:

Is there an opposite option to only show an element if a specific data-category isn't allowed?

That's a good point. Right now there isn't a detection for this but I'll think about a way to implement this.

 

On 4/4/2020 at 7:10 AM, hintraeger said:

Is there a possibility to notice them who saves the cookie? To make a documentation of it. So far I know, the privacy policy says, you have to do that.

When you add a button to change cookie preferences in your privacy policy, the selected options are pre-selected, so one could say it's "documented". I'm not sure if this is sufficient for your case?
 

On 4/17/2020 at 2:53 PM, PK Mi43 said:

Can/do I use the same procedure just with <noscript> instead of <script>, e.g.

That will not work, as the loading works via javascript. When javascript is disabled (and the <noscript> tag comes into play), PrivacyWire isn't loaded as well so it cannot load the <noscript> tag.
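The gating convention used throughout this thread (data-category plus data-src, and on scripts a type of "text/plain" or "optin") can be checked mechanically. The following is an added example, not part of any post here and not PrivacyWire's own code: a Node.js audit that lists third-party assets in a rendered page that would load without consent, including the <noscript> pixel case discussed above. SITE_ORIGIN, the example.net hosts and all function names are assumptions made for the illustration.

```javascript
// Added example (not PrivacyWire code): static audit of a rendered page.
// Gating convention as described in the thread: data-category + data-src,
// and on <script> a type of "text/plain" or "optin" so the browser skips it.
const SITE_ORIGIN = "https://www.example.com"; // assumption: first-party origin

// Parse a start tag's attribute string; handles quoted and unquoted values
// (ProCache-minified markup drops the quotes).
function parseAttrs(raw) {
  const attrs = {};
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of raw.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// True for http(s) URLs whose origin differs from the site's own.
function isThirdParty(url) {
  try {
    const u = new URL(url, SITE_ORIGIN);
    return /^https?:$/.test(u.protocol) && u.origin !== SITE_ORIGIN;
  } catch {
    return false; // unparsable URL: nothing is fetched
  }
}

// Script types the browser executes; anything else is an inert data block.
const isExecutable = (type) =>
  type === "" || type === "module" ||
  /^(text|application)\/(x-)?(java|ecma)script$/.test(type);

function auditHtml(html) {
  const findings = [];
  const lower = html.toLowerCase();
  // Character ranges covered by <noscript> elements.
  const noscript = [...html.matchAll(/<noscript\b[^>]*>[\s\S]*?<\/noscript>/gi)]
    .map((m) => [m.index, m.index + m[0].length]);
  for (const m of html.matchAll(/<(script|img|iframe)\b([^>]*)>/gi)) {
    const tag = m[1].toLowerCase();
    const a = parseAttrs(m[2]);
    const type = (a.type || "").trim().toLowerCase();
    const live = tag !== "script" || isExecutable(type);
    const inNoscript = noscript.some(([s, e]) => m.index > s && m.index < e);
    if (a.src && live && isThirdParty(a.src)) {
      // A live src is fetched by the browser itself, whatever data-* says.
      const reason = inNoscript ? "noscript-fallback" : "live-src";
      findings.push({ tag, url: a.src, reason });
    } else if (tag === "script" && !a.src && "data-category" in a && live) {
      // Inline script marked with a category but left executable.
      const end = lower.indexOf("</script", m.index);
      const body = html.slice(m.index + m[0].length, end < 0 ? html.length : end);
      if (body.trim()) findings.push({ tag, url: null, reason: "inline-not-blocked" });
    }
  }
  return findings;
}

// Constructed sample page; all hosts are placeholders.
const SAMPLE_HTML = `
<script type="text/plain" data-type="text/javascript" data-category="statistics" data-src="https://stats.example.net/a.js"></script>
<script type=optin data-type=text/javascript data-category=statistics data-src="https://stats.example.net/b.js"></script>
<script src="/site/templates/main.js"></script>
<script src="https://cdn.example.net/widget.js"></script>
<script data-category="marketing">track();</script>
<img type="optin" data-category="marketing" data-src="https://px.example.net/p.gif">
<img data-category="marketing" src="https://px.example.net/p.gif">
<noscript><img height="1" width="1" src="https://px.example.net/tr?noscript=1"/></noscript>
<iframe src="https://video.example.net/embed/x"></iframe>
`;

for (const f of auditHtml(SAMPLE_HTML)) {
  console.log(`${f.reason}\t<${f.tag}>\t${f.url ?? "(inline)"}`);
}
```

The audit is regex-based and only sees static markup, so assets injected later by an already running script (for example through a tag manager) need a separate check in the browser's network panel.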

On 5/10/2020 at 1:41 PM, joshua said:

That will not work, as the loading works via javascript. When javascript is disabled (and the <noscript> tag comes into play), PrivacyWire isn't loaded as well so it cannot load the <noscript> tag.

Thank you for your explanation, that makes sense. So would I leave it just as it is, or get rid of it altogether since the cookie banner requires javascript?

Does anyone have experience with it, or would this be too much work to implement?


Isn't it required in the new world of EU web bureaucracy to list every single cookie on demand (by category) and explain what it does, where it's from and can set it individually?

So, for example, in the same example category "my user settings" I can agree to remember a "my selected language" cookie but not another cookie with "my last page visited"?

As Borlabs cookie does it, or Klaro (kind of)?

Am I wrong with my understanding of the current GDPR law situation? Or is this implemented already and I just did not find it?

(Right now I am evaluating this module against using KLARO directly)

