Jump to content

PrivacyWire - Cookie Management & async external asset loading


joshua

Recommended Posts

Hello,

I tried to uninstall this module so I could test another, but I'm getting this error after uninstalling it. Based on what this error seems to be indicating, I made sure that I uninstalled TextformatterPrivacyWire first, before uninstalling PrivacyWire. But that didn't work either. Is there something else that I should be doing? I thought it might be ProCache, but I turned that off too.

Please let me know. Thank you!

Error: Exception: Module TextformatterPrivacyWire requires: PrivacyWire>=0.0.5 (in /usr/home/jc/public_html/test.com/wire/core/Modules.php line 1857
#0 /usr/home/jc/public_html/test.com/wire/core/Wire.php(383): ProcessWire\Modules->___install('TextformatterPr...')
#1 /usr/home/jc/public_html/test.com/wire/core/WireHooks.php(823): ProcessWire\Wire->_callMethod('___install', Array)
#2 /usr/home/jc/public_html/test.com/wire/core/Wire.php(450): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Modules), 'install', Array)
#3 /usr/home/jc/public_html/test.com/wire/core/Modules.php(1303): ProcessWire\Wire->__call('install', Array)
#4 /usr/home/jc/public_html/test.com/wire/core/Modules.php(1194): ProcessWire\Modules->getModule('TextformatterPr...')
#5 /usr/home/jc/public_html/test.com/wire/modules/Fieldtype/FieldtypeText.module(97): ProcessWire\Modules->get('TextformatterPr...')


This error message was shown because: you are logged in as a Superuser. Error has been logged.

 

 

Link to comment
Share on other sites

19 hours ago, montero4 said:

Hello,

I tried to uninstall this module so I could test another, but I'm getting this error after uninstalling it.

Hi Montero,

thank you for your feedback. I just looked into this and fixed the bug in the new release.

Best,
Joshua

Link to comment
Share on other sites

On 5/30/2020 at 5:06 PM, ceberlin said:

Isn't it required in the new word of EU web bureaucracy to list every single cookie on demand (by category) and explain what is does, where it's from and can set it individually?

So, for example, in the same example category "my user settings" I can agree to remember a "my selected language" cookie but not another cookie with "my last page visited"?

As Borlabs cookie does it, or Klaro (kind of)?

Am I wrong with my understanding of the current GDPR law situation? Or is this implemented already and I just did not find it?

(Right now I am evaluation this module against using KLARO directy)

That's an interesting point. As I understood the GDPR (but I'm not a lawyer, so not sure about that) a listing of the single cookies is not mandatory right now - but the upcoming ePrivacy could change that.

When you want/need to implement this solution, KLARO could be a better choice at the moment. Currently this feature isn't included in PrivacyWire and I'm not sure if or when I could implement it. Or you could fork PrivacyWire and add the feature with a PR? 😉

Best,
Joshua

  • Like 1
Link to comment
Share on other sites

Hi Joshua, yes, in Germany, this is not mandatory at the moment - in other EU countries the situation might be different. All German lawyers online with lots of drama about the subject offer - surprise surprise - their own commercial solutions. I have not read any neutral position/comment on the subject yet. As I understand it, the tenor from the BGH is that the user should be able to know exactly what he or she agrees to. According to this, the webdesigner would have to name names.

The BGH ruling is still too recent (end of May 2020) and has not yet been implemented in German law. I just want to be prepared. I am irritated to I see the free KLARO goes the same route, listing all the little details.

I am not prepared yet to fork and PR. I am thinking about possible concepts right now. Maybe just adding an optional data-attribute with some line of text or a link which is is dispayed with a "read more" in the module's output, so the module does not need to handle every little detail? I am curious about other opinions from EU developers here. (I am also checking out the KARO module for WordPress right now to see how they are managing the information there.)

Cheers, Carl

  • Like 1
Link to comment
Share on other sites

Joshua, first, thank you for all your work. It looks like that we need a good solution for compliance also in Germany now (after the BGH ruling) and I am glad, that your plugin is close to what we need already.

After comparing existing tools and reading more about the requirements I thought of the following strategy to add to the compliance:
(My source of information: https://www.activemind.de/magazin/cookie-consent-banner/)

1. we probably need another category.

"Functional" for settings that are not "essential", like settings, example use: remember that a certain popup was closed. Comes after "essential" (or better the order of the selected categories from the backend is remembered)

2. Details collection.

This info should to be collected: name of cookie, issuer, purpose, functions, privacy links. Example:
name: '_ga, _gid',
issuer: 'Google Universal Analytics',
purpose: 'Collect statistical data for service improvement.',
functions: 'Number of pageviews, link clicked etc. ',
privacyLink: 'https://policies.google.com/privacy?hl=en'

Some vendors like cookiebot overload their popup with information. I think this confuses more than it helps. Setting content should not be rocket science to average users.

Instead, I thought of having the details on a special (manually filled?) compliance page, sorted into category blocks. That means that means another optional link (next to imprint and privacy) in the settings could be useful.

If this strategy makes sense, then it would be fancy if your textformatter could handle the consent from there: [[privacywire-category-settings category="statistics" ]] and display a toggle for on/off for that category. (But this has no priority)

3. Styles / Popup responsive? 

Right now the popup is not working correctly on mobile phones. It is not scrollable, and with lots of description and selections it easily has more content than fitting on a small screen.

  • We need another wrapper div tag for the element and another wrapper div tag with a class for the links - and add classes to all elements like the lists - so this is easier to style.
  • Also the body text is maybe not needed right away so there should be an option in the backend to display that only on the page which opens, when "select" is choosen?
  • Maybe add a field in the backend to drop all the CSS so it is easy to maintain at one place?

4. External media.

Can you explain what happens in that case? How can your code handle iframes, e.g. YouTube, Vimeo and maps? What happens if one of the existing video plugins are used?

5. Cookie lifetime of this plugin max 7 days?

In Safari and Firefox JavaScript cookies have a short lifetime, even if the cookie is set with a very long expiration date. A user has to opt-in again every 7 days. Is this correct? and is an alternative? Source: https://alightanalytics.com/alight-insights/safari-first-party-cookies/

---

Before a line of code is written, I would ask everyone for feedback and ideas for this concept...

---

By the way: here is a nice layout example with a consent banner with kind of your feature set - they also follow the route to move all complicated cookie details to a separate cookie consent page:

https://www.osano.com/cookieconsent/download/

 

 

  • Like 1
Link to comment
Share on other sites

Hi Joshua, the module works fine.
I would like to use the Textformatter to generate a button. [[privacywire-choose-cookies]]
But I don't get how to implement the shortcode.. 😬
In a Textfield? That doesnt work. Sorry for this noob-question.
Thank you!

Ok..now I got it!

Edited by Nick Belane
  • Like 1
Link to comment
Share on other sites

  • 1 month later...

Hello gentlemen and thank you for your fine module, Joshua!

Is there a way to preserve the changes to the HTML/CSS of the banner after updates? Maybe there is a generic processwirish way to override module markup?

Right now I added a method to the module that allows me to replace the module's markup by placing the modified files in /site/templates/MODULE_DIR/:

    protected function getFile($file, $is_url = false)
    {
        // we're putting module overrides in /site/templates/modules
        $override_dir = 'modules/' . basename(dirname(__FILE__)) .'/';
        $override_path = $this->wire('config')->paths->templates . $override_dir . $file;
        // we're overriding files in the module's folder
        $default_path = $this->wire('config')->paths->$this . $file;

        if (is_readable($override_path)) {
            return $is_url ? $this->wire('config')->urls->templates . $override_dir . $file : $override_path;
        }

        return $is_url ? $this->wire('config')->urls->$this . $file : $default_path;
    }

and using it like this:

$jsFilePath = $this->getFile('js/PrivacyWire.js', true);

and

$output = wireRenderFile($this->getFile('PrivacyWireBanner.php'), [ 'module' => $this ]);

 

This way I only have to add the above code into the module after the update, while keeping my changes in /site/templates/PrivacyWire/, to preserve the look of the banner, from the default

2020-08-06-131451.png.9b206751af206c4b215924363de9db59.png

to a Bulma version

2020-08-06-131529.png.a7a7c169547ec401c8301ee8f7ab5159.png

  • Like 2
Link to comment
Share on other sites

Thank you for all your input! I've been quite busy the last weeks, sorry for my delay in answering your requests.
During the last couple of days I refactored some code and implemented an suggested feature by @horst (to call a custom js function after saving the consent). As this version might not be as stable as the current version, you'll find it currently in a separate branch. The following updates are also only in this branch at the moment.

On 6/2/2020 at 11:10 AM, ceberlin said:

1. we probably need another category.

"Functional" for settings that are not "essential", like settings, example use: remember that a certain popup was closed. Comes after "essential" (or better the order of the selected categories from the backend is remembered)

I agree on that and just added this category to PrivacyWire (in the V2-Branch).

On 6/2/2020 at 11:10 AM, ceberlin said:

5. Cookie lifetime of this plugin max 7 days?

In the new branch I switched to save the consent information in LocalStorage instead of Cookies. Now the lifetime in all browsers should be 365 days.

About the details about cookies / categories: I also agree that there should be an option to display more details. The idea of a Textformatter for this purpose sounds good. Haven't got the time though to implement it right away. I'm open for PullRequests with improvements, if you want 😉

The styling is currently applied directly within the js file. To add the option to disable loading the stylesheet, I could exclude this from the js file and add an option to the module config.

  • Like 1
Link to comment
Share on other sites

23 hours ago, The G said:

Is there a way to preserve the changes to the HTML/CSS of the banner after updates? Maybe there is a generic processwirish way to override module markup?

Good question! I don't know a native "processwirish" procedure for this yet. Your solution like a good start. Does anyone else knows a processwirish way of doing this?

Link to comment
Share on other sites

2 hours ago, joshua said:

Good question! I don't know a native "processwirish" procedure for this yet. Your solution like a good start. Does anyone else knows a processwirish way of doing this?

The "processwirish way", IMO, is called hooking. Therefore the originals modules author need to add three underscores to a method name: "___myMethodName()". This method than can be hooked and its output changed. 

Joshua, if you would add three underscores to the public render() method, I think its all done. @The G then should be able to hook in (before or after) and changes the output the way he likes to.

In this case it seems like a small autoloaded custom module should fit:

class MyCustomModule extends WireData implements Module {

    public static function getModuleInfo() {
        return [
            'title' => "MyCustomModule",
            'summary' => "Customizes the output of PrivacyWire module",
            'version' => "0.0.1",
            'autoload' => true,
            'singular' => true,
            'requires' => [ "PrivacyWire", "PHP>=7.2", "ProcessWire>=3.0.0" ],
            'icon' => 'cookie'
        ];
    }

    public function ready() {
        $this->addHookBefore('PrivacyWire::render', $this, 'customRender');
    }

	public function customRender(HookEvent $event) {
		// do your changes or complete override here
		// ...
		$myCustomOutput = $this->myHelperMethod();
		$event->return = $myCustomOutput;
	}

	protected function myHelperMethod() {
		return 'something';
	}
}

Not tested and I'm currently not perfect sure if its better to hook in before or after. (I think before, but you need to test it)

 

TL;DR

Other scenarios may be that the original modules author adds special hooking methods where an output finally is passed through. This function then optionally can be used for changes.

// in PrivacyWire
	public function render(HookEvent $event)
    {
		...
		$output = 'something';

        $output = $this->finalizeOutput($output, $event);
        $event->return = $output;
    }

	public function ___finalizeOutput($output, $origEvent) {
		 return str_replace("</body>", "{$output}</body>", $origEvent->return);
	}

// in another module or site/ready.php, addHookAfter PrivacyWire::finalizeOutput

 

  • Thanks 1
Link to comment
Share on other sites

Ah, but of course! How could I forget about hooks! Thank you, @horst! I realize now that I could probably keep all my overrides in a single place, depending on the presence of the hooks, of course.

@joshua, please make the render() function hookable.

Sometimes I wish ProcessWire could be more restrictive, my /site/ folder is a frankensteinish patchwork of code snippets, because I used whatever the search cat dragged in first 🤣

  • Like 2
Link to comment
Share on other sites

I 've done a pull request against the v2 branch, only three underscores added 😄

This is how I hooked it in ready.php (these are theme specific overrides, so I want to keep them in the /site/ folder somewhere):

// If I want to do something with front pages (old code)
//if (strpos($_SERVER['REQUEST_URI'], $config->urls->admin) !== 0) {
// my front pages are all extending a FrontPage class
// see https://processwire.com/blog/posts/pw-3.0.152/#new-ability-to-specify-custom-page-classes
if (is_subclass_of(page(), 'Processwire\FrontPage')) {
	// [...]

	$wire->addHookBefore('PrivacyWire::render', function($event) {
        $event->replace = true;
        $privacywire = $event->object;

        $isProCache = modules()->isInstalled('ProCache') && modules()->get('ProCache');
        $jsFilePath = getModuleFile($privacywire, 'js/PrivacyWire.js', true);
        if ($isProCache && $privacywire->use_procache_minification) {
            $jsFilePath = modules()->get('ProCache')->js($jsFilePath);
        }

        $output = wireRenderFile(getModuleFile($privacywire, 'PrivacyWireBanner.php'), [ 'module' => $privacywire ]);
        $output .= "\n<script>var PrivacyWireSettings={version:'{$privacywire->version}',dnt:'" . ((int) $privacywire->respectDNT) . "'};</script>";
        $output .= "\n<script defer src='{$jsFilePath}'></script>";

        $event->arguments(0)->return = str_replace("</body>", "{$output}</body>", $event->arguments(0)->return);
    });

	// [...]
}

/**
 * checks for a module file override in the path defined
 * @param  object  $module    the module needing a file overriden
 * @param  string  $file_path the override file path, from the module folder, i.e. "js/PrivacyWire.js"
 * @param  boolean $is_url    switch for outputting a path or an URL, by default the function outputs a path
 * @return string             the override path is it's readable or the initial file path if it's not
 */
function getModuleFile($module, $file_path, $is_url = false)
{
    // we're putting module overrides in /site/templates/modules/
    $override_dir = 'modules/' . $module->className() .'/';
    $override_path = paths()->templates . $override_dir . $file_path;
    // we're overriding files in the module's folder
    $default_path = paths()->$module . $file_path;

    if (is_readable($override_path)) {
        return $is_url
            ? urls()->templates . $override_dir . $file_path
            : $override_path;
    }

    return $is_url
        ? urls()->$module . $file_path
        : $default_path;
}

 

  • Like 2
Link to comment
Share on other sites

Thank you for the PR and the idea! Of course it's a good think to have the render function hookable. I also like the idea of @horst with an hookable output file. I would definitely like to spend some time soon to refactor / optimize PrivacyWire.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

  • 2 weeks later...
3 hours ago, Matze said:

Just wanted to say thank you for this highly needed plugin! Is there a way to donate for it?

Thanks for your feedback - I'm glad you like it!
Haven't thought about a way for donation yet, but PayPal should work fine. Thanks a lot 🙂

Link to comment
Share on other sites

  • 1 month later...

After the user saves his/her choices, a confirmation message is shown for 1.5 seconds, then is removed.

My contact page uses Google Recaptcha and thus it needs Google's marketing cookies to work. So, in the beginning, instead of the contact form, the page shows only a message explaining that if one wishes to use the contact form, one needs to consent to the marketing cookies. Only after/if the user consents is the form shown. I wanted to have the page refreshed after saving the choices, so the user would not need to do a manual refresh to see the changes. I did it by adding a

74 window.location.reload(true);

line after

73	priw_wrapper.classList.remove('show-message');

which is the one where the confirmation message is removed (priw_showMessage(), line 73 in src/js/PrivacyWire.js) and re-rollup-ing. I could make a pull request if it seems useful.

 

Another suggestion would be make the setTimeout delay configurable. This one is not something I needed, but it just feels right to have it configurable 😁

Link to comment
Share on other sites

Thanks for your input, @The G. There actually already is a way to solve this, thanks to the previous input from @horst:

In the PrivacyWire Settings you can find the "Trigger a custom js function" field:

grafik.png.57da220f8be9a170b45074a5f537e8d6.png

Just add a function name there, which you want to get triggered (in this examle the function is called reloadAfterConsent )
Then somewhere in your code add the relevant function, e.g.:

<script>
    var reloadAfterConsent = function() {
      window.location.reload(true);
    }
</script>

And voilá - your page reloads after every consent saving.

 

14 hours ago, The G said:

Another suggestion would be make the setTimeout delay configurable. This one is not something I needed, but it just feels right to have it configurable 😁

One could make this configurable, of course. Would you like to set the duration or something else of the setTimeout?

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

Nice, it works beautifully.

 

3 hours ago, joshua said:

[...] One could make this configurable, of course. Would you like to set the duration or something else of the setTimeout?

The duration. I'd like to let the user read the message for a little longer:
simplescreenrecorder-2020-09-24_11_45_40.gif.73d372e9619843b286b63fcae514b57d.gif

 

Off-topic question: how does one make posted videos to not extend to the full container width? I used the annoying GIF above because I didn't find a way to display posted videos at their real size.

 

Link to comment
Share on other sites

On 5/10/2020 at 1:41 PM, joshua said:
On 4/9/2020 at 5:45 PM, DV-JF said:

Is there an opposite option to only show an element if a specific data-category isn't allowed?

That's a good point. Right now there isn't a detection for this but I'll think about a way to implement this.

Hey @joshua any news or ideas on this?

Link to comment
Share on other sites

Anyone else experiencing weird behaviour with the external_media option while opting in/out of it?

A recent project needed a little overhaul therefore external media is now only available after opting in to it BUT... it's not working out as expected after you later on decide to opt out or in to it.

Thought about issues with some custom JS but even on a clean install the issue occures.
It's not happening with any other option so far - so I could work around that issue for now.

As you can see the values in local storage are already off for external_media.

pw001.thumb.png.7f3127081d3c8a2dd2e699ae86e3c28e.png

pw002.thumb.png.0c8f0e1980e9459e15966ea8ce3b510f.png

 

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...