Jump to content
joshua

PrivacyWire - Cookie Management & async external asset loading

Recommended Posts

Hi @joshua and fellow cookie munchers. I might have spotted another glitch in the cookie matrix.

What I did/tested: 

I changed the version number in the settings.

What happened:

  1. nothing until I cleared the ProCache cache (which is fine I guess), then afterwards...
  2. the cookie banner showed up again and asked for consent (which was expected) BUT...
  3. all external media assets, tracking scripts, etc. were still loading (which was unexpected)
  4. giving consent closed the banner (fine) BUT it came right back on the next page

Why did it happen:

The test user had already given consent and therefore and old entry existed in the local storage which said sure give me cookies and whatever BUT it didn't recognize the new version and therefore didn't revoke the old opt-in/consent on first load with the new version AND wasn't updated after opting in again.

TL;DR

Changing the version number in the settings does not reset/clear/delete/revoke all previously given and stored local storage settings and won't update after giving consent again to the new version.

  • Like 2

Share this post


Link to post
Share on other sites

Thanks @wbmnfktr for noticing this!

There really was a bug with the version number and async loading of scripts etc.

I fixed this in V0.2.5.

After changing the version number in the backend (and refreshing ProCache - especially when you have activated the option to minify local Javascript) PrivacyWire will check the version number first before handling the elements requiring consent.
 

  • Like 3
  • Thanks 1

Share this post


Link to post
Share on other sites

Today there are two updates for PrivacyWire (newest Version V0.2.7 )

1. The update of elements after giving consent now observs more attributes (also srcset for responsive images and width/height attributes - especially good for iFrames)

2. When the user wants to choose the detailled cookies, there is now a option to show another "Accept All" Button instead of the "Toggle" Button - configurable via module config.

  • Like 3
  • Thanks 1

Share this post


Link to post
Share on other sites
On 9/29/2020 at 2:52 PM, DV-JF said:

Is there an opposite option to only show an element if a specific data-category isn't allowed?

I added a feature for this in todays 0.3.0 (not pushed the release tag yet, as there was a lot of rewriting to implement this feature).

If you want to show an opt-in element instead of the consent-required element, just add a data-attribute data-ask-consent="1". Here is an example:

<iframe src="" data-src="https://www.example.com/" data-category="marketing" data-ask-consent="1" frameborder="0" height="400" width="400"></iframe>

In this case, the iframe gets only loaded, when cookies of type "marketing" are allowed. If not, the user will be asked for consent. The text of the consent-window is configurable in the module config.
The markup of this message also includes an css class with the type of cookie, if you want to style them specifically.

  • Like 5

Share this post


Link to post
Share on other sites

@joshua thanks for the module.
would you consider changing the header tag into a div?

<header class="privacywire-header"></header>

Some might using page header in their css-files without a class. It might get into style conflicts. What do you think?

  • Like 1

Share this post


Link to post
Share on other sites

@ngrmm I had a similar issue and went kind of a different route and added role="main" to my main header and excluded it later on in my PrivacyWire CSS.

header:not([role=main]) {
    // here you go
}

For the moment that should work out quiet nice without any or at least only minor issues - at least when you are working with less, sass, SCSS and similar.

 

  • Like 3

Share this post


Link to post
Share on other sites

Thanks a lot for this wonderful module! It works like a charm, except for one little problem:  When I use the "Accept all" button I have to reload the website for the changes to take effect. Selecting specific categories and clicking the "Save preferences" button has immediate effect. Is this an indented behaviour or am I missing something here? 

  • Like 1

Share this post


Link to post
Share on other sites

@ngrmm thanks for your input. Semantically header tags are allowed to have multiple instances within one page (e.g. one main page header and one header per <article> etc.).
But I see the point - within the cookie banner a <header> might not be the best semantical element to choose.

To provide backwards compatibility (if someone has already styled the PrivacyWire <header> via CSS) I will add an option to configure the output tag between <header> and <div>.

 

  • Like 2

Share this post


Link to post
Share on other sites

@snck Thank you!

Normally the "Accept all" button should do the exact same thing. I'm looking into this right now.

Share this post


Link to post
Share on other sites

I fixed these two topics in 0.3.2.
@snck: There really was a bug with the "Accept all" Button - thanks for noticing!

@ngrmm: You can choose now in the module config which header tag you want 😉
For keeping backwards compatibility, the default value still is <header>.

  • Like 5

Share this post


Link to post
Share on other sites

@joshua what do you think about the idea to have a style.css file instead of the styling inside your js?
 

Share this post


Link to post
Share on other sites

@ngrmm That actually was my first type of implementation (separating css and js), but as the CSS file would be very small (554 Byte), it actually is slower to load these two connections vs. loading only one JS file with the CSS included ( even with HTTP/2 - I tested it alot!).

This is the total amount of styles used by PrivacyWire (beautified for better readability):

.privacywire {
    position: fixed;
    bottom: -250%;
    left: 0;
    right: 0;
    box-shadow: 0 -1px 3px rgba(0, 0, 0, .3);
    opacity: 0;
    background: #fff;
    z-index: 1;
    padding: 1rem;
    transition: bottom .3s ease-in, opacity 1s ease-out
}

.privacywire .privacywire-header {
    font-weight: 700
}

.show-banner .privacywire.privacywire-banner,
.show-message .privacywire.privacywire-message,
.show-options .privacywire.privacywire-options {
    bottom: 0;
    opacity: 1;
    transition: bottom .3s ease, opacity .3s ease
}

.privacywire button[hidden],
[data-ask-consent-rendered="1"],
div.privacywire-ask-consent-blueprint {
    display: none
}

You could do the following:

1. Uncheck the config checkbox "Add basic CSS Styling":

grafik.png.a35fcb159fae0b193a4918cffc22b8a8.png
2. Add the styles to your own stylesheet.

  • Like 4

Share this post


Link to post
Share on other sites

Nice work!

Question:

I'm finding myself in need of many changes in the banner template, so I had to hook-replace the module's 'render' method.

Would be useful to isolate the path retrieving code in separate hookable functions? Like this:

    /**
     * checks for a banner template alternate path
     * @return string   the path of the banner template file
     */
    public function ___getBannerTemplate()
    {
        return $this->wire('config')->paths->$this . 'PrivacyWireBanner.php';
    }

    /**
     * checks for a javascript file alternate path
     * @return string   the path of the banner template file
     */
    public function ___getJsFile()
    {
        return ($this->add_basic_css_styling) ? $this->wire('config')->urls->$this . "js/PrivacyWire.js" : $this->wire('config')->urls->$this . "js/PrivacyWireUnstyled.js";
    }

Then, I could use it (I am using it, actually) like this (in /site/ready.php):


// my front pages are all extending a FrontPage class
// see https://processwire.com/blog/posts/pw-3.0.152/#new-ability-to-specify-custom-page-classes
if (page() instanceof FrontPage) {

    $wire->addHookAfter('PrivacyWire::getBannerTemplate', function ($event) {
        $event->replace = true;
        $default_path = $event->return;
        $filename = pathinfo($default_path, PATHINFO_BASENAME);
        // my override is in /site/templates/modules/PrivacyWire/PrivacyWireBanner.php
        $override_path = paths()->templates.'modules/PrivacyWire/'.$filename;
        $event->return = is_readable($override_path) ? $override_path : $default_path;
    });

}

 

Or even simpler (for me 😂), those could be two new config keys, like 'alternateBannerTemplate' and 'alternateJsFile'.

 

This would also cover the case of needing to change the header tag, so it could be dropped (just a thought, don't hit me in the head, you valiant head tag config defenders 😁).

Edited by The G
Corrected embarassing code blooper
  • Like 1

Share this post


Link to post
Share on other sites

@The G Your wish is my command 😅

I just added another config option for an alternative banner template file! In addition (to be even more flexible 😄 ) I included your idea of the hookable methods for banner template and js file.

grafik.thumb.png.deb17e56c5937565eb3a2b72a180b36c.png

/**
* checks for a alternate banner template path
* @return string   the path of the banner template file
**/
public function ___getBannerTemplateFile()
{
	return (!empty($this->alternate_banner_template) && file_exists($this->wire('config')->paths->root . $this->alternate_banner_template)) ? $this->wire('config')->paths->root . $this->alternate_banner_template : $this->wire('config')->paths->$this . 'PrivacyWireBanner.php';
}

So now you have to decide whether you prefer to hook or configurate 😄

--> 0.3.3 <--

  • Like 4
  • Thanks 2

Share this post


Link to post
Share on other sites

So, excited to use the updated version as I was, there was no time for RTFM - even if there was clearly written

without leading slash

, I merrily entered

/site/templates/modules/PrivacyWire/PrivacyWireBanner.php

and BANG!, ProcessWire shouted at me for wanting to use a not allowed path (because of the resulting double slash). I'm still trembling!

Since it breaks so hard, I'm wondering if the input could be somehow forced to loose the leading slashes forgotten by irresponsible people like yours truly. Sadly, I'm not well versed (yet!) in module configuration input validation/modification.

Or at least, write "without leading slash" in bold letters 😅

  • Like 1

Share this post


Link to post
Share on other sites

Oh, yes - I‘ll add a filter for the leading slash first thing tomorrow morning. Better than this error message 😅

  • Like 1

Share this post


Link to post
Share on other sites

Hey @joshua! Would you consider making this module installable via Composer?

Technically this just requires a) adding a composer.json file where you specify project name, type ("pw-module"), and a dependency for installer plugin (preferably wireframe-framework/processwire-composer-installer), b) adding the project to packagist.org, and c) (optional, but recommended) setting up a webhook between GitHub and Packagist so that new releases become automatically available at Packagist (or giving Packagist the permission to handle this step).

Here's an example composer.json from ProcessRedirects: https://github.com/apeisa/ProcessRedirects/blob/master/composer.json.

Thanks in advance for considering this 🙂

  • Like 3

Share this post


Link to post
Share on other sites

Hello all.

I decided to try PrivacyWire as had a request for one of my friends websites. So I proceeded to install and configure the module as needed, however I am stuck at how would the cookie consent appear on Home page (banner is not showing automatically). Can someone point me what am I missing as I checked 3 times the configs and did not find a markup to insert or a template to point to in the admin?

Share this post


Link to post
Share on other sites

Hello @wbmnfktr

I shall stop coding during late hours of the night. You were absolutely right that during my initial tests on localhost, I've slipped to close properly the body tag and that was causing the issue.

Thank you very much for the spotting and sharing what was obvious. It is all showing properly now, so I only would style it to fit the frontend.

  • Like 1

Share this post


Link to post
Share on other sites

Hi @joshua

i tried to have an iframe only be shown if consent is given.
This is my code:

<div data-category='external_media' data-ask-consent='0'>
	<div class='video_content' >";
		<iframe src='https://www.youtube-nocookie.com/embed/XXXXXXXXXX?enablejsapi=1' width='640' height='390' frameborder='0'></iframe>
	</div>
</div>

If consent for external_media is not given, the module asks you to give consent. „To load this element, it is required to consent to the following cookie category: External Media.“ 
But if consent is given, it does not show the div.video_content or the iframe. I tested to have some plaintext instead of the iframe and it works.

So this works:

<div data-category='external_media' data-ask-consent='0'>
	<div class='video_content' >
		<p>hello world!</p>
	</div>
</div>

And it looks like as if  0 or 1 for data-ask-consent does not make any difference.

UPDATE:
my fault, this works!
 

<div class='video_content' >";
	<iframe src='' data-src='https://www.youtube-nocookie.com/embed/XXXXXXXXXX?enablejsapi=1' data-category='external_media' data-ask-consent='0' width='640' height='390' frameborder='0'></iframe>
</div>

 

Edited by ngrmm
solved

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By joshua
      As we often use Matomo (former known as Piwik) instead of Google Analytics we wanted to embed Matomo not only in the template code but also via the ProcessWire backend.
      That's why I developed a tiny module for the implementation.
      The module provides the possibility to connect to an existing Matomo installation with the classical site tracking and also via the Matomo Tag Manager.
      If you have also PrivacyWire installed, you can tell MatomoWire to only load the script, if the user has accepted cookies via PrivacyWire.
      To offer an Opt-Out solution you can choose between the simple Opt-Out iFrame, delivered by your Matomo installation, or a button to choose cookies via PrivacyWire.
      You'll find the module both in the module directory and via github:
      ProcessWire Module Directory MatomoWire @ GitHub MatomoWire @ Packagist ->installable via composer require blauequelle/matomowire I'm looking forward to hear your feedback!


    • By Robin S
      If your module has a lot of config fields you might want to divide them into groups inside a tabbed interface. Here is a demonstration module showing how this can be done.
      https://github.com/Toutouwai/ModuleConfigTabs

      Thanks to @kixe for providing my starting point in this forum topic.
    • By FireWire
      Hello community!

      I want to share a new module I've been working on that I think could be a big boost for multi-language ProcessWire sites.

      Some background, I was looking for a way for our company website to be efficiently translated as working with human translators was pretty laborious and a lack of updating content created a divergence between languages. I, and several other devs here, have talked about translation integrations and have recognized the power that DeepL has. DeepL is an AI deep learning powered service that delivers translation quality beyond any automated service available. After access to the API was opened up to the US, I built Fluency, a DeepL translation integration for ProcessWire.
      Fluency brings automated translation to every multi-language field in the admin, and also provides a translation tool allowing the user to translate their text to any language without it being inside a template's field. With Fluency you can:
      Translate any plain textarea or text input Translate any CKEditor content (yes, with markup) Translate page names for fully localized URLs on every page Translate your in-template translation function wrapped strings Translate modules DeepL offers translations to the following languages: English (US), English (UK), German, French, Spanish, Portuguese (EU), Portuguese (Brazil, Italian, Dutch, Polish, Russian, Japanese, Chinese (Simplified)
      Installation and usage is completely plug and play. Whether you're building a new multi-language site, need to update a site to multi-language, or simply want to stop manually translating a site and make any language a one-click deal, it could not be easier to do it. Fluency works by having you match the languages configured in ProcessWIre to DeepL's. You can have your site translating to any or all of the languages DeepL translates to in minutes (quite literally).
      Let's break out the screenshots...
      When the default language tab is shown, a message is displayed to let users know that translation is available. Clicking on each tab shows a link that says "Translate from English". Clicking it shows an animated overlay with the word "Translating..." cycling through each language and a light gradient shift. Have a CKEditor field? All good. Fluency will translated it and use DeepL's ability to translate text within HTML tags. CKEditor fields can be translated as easily and accurately as text/textarea fields.

      Repeaters and AJAX created fields also have translation enabled thanks to a JavaScript MutationObserver that searches for multi-language fields and adds translation as they're inserted into the DOM. If there's a multi-language field on the page, it will have translation added.

      Same goes for image description fields. Multi-language SEO friendly images are good to go.

      Creating a new page from one of your templates? Translate your title, and also translate your page name for native language URLs. (Not available for Russian, Chinese, or Japanese languages due to URL limitations). These can be changed in the "Settings" tab for any page as well so whether you're translating new pages or existing pages, you control the URLs everywhere.

      Language configuration pages are no different. Translate the names of your languages and search for both Site Translation Files (including all of your modules)

      Translate all of the static text in your templates as well. Notice that the placeholders are retained. DeepL is pretty good at recognizing and keeping non-translatable strings like that. If it is changed, it's easy to fix manually.

      Fluency adds a "Translate" item to the CMS header. When clicked this opens up a modal with a full translation tool that lets the user translate any language to any language. No need to leave the admin if you need to translate content from a secondary language back to the default ProcessWire language. There is also a button to get the current API usage statistics. DeepL account owners can set billing limitations via character count to control costs. This may help larger sites or sites being retrofitted keep an eye on their usage. Fluency can be used by users having roles given the fluency-translate permission.

      It couldn't be easier to add Fluency to your new or existing website. Simply add your API key and you're shown what languages are currently available for translation from/to as provided by DeepL. This list and all configuration options are taken live from the API so when DeepL releases new languages you can add them to your site without any work. No module updates, just an easy configuration. Just match the language you configured in ProcessWire to the DeepL language you want it to be associated with and you're done. Fluency also allows you to create a list of words/phrases that will not be translated which can prevent items such as brands and company names from being translated when they shouldn't

       
      Limitations:
      No "translate page" - Translating multiple fields can be done by clicking multiple translation links on multiple fields at once but engineering a "one click page translate" is not feasible from a user experience standpoint. The time it takes to translate one field can be a second or two, but cumulatively that may take much longer (CKEditor fields are slower than plain text fields). There may be a workaround in the future but it isn't currently on the roadmap. No "translate site" - Same thing goes for translating an entire website at once. It would be great, but it would be a very intense process and take a very (very) long time. There may be a workaround in the future but it isn't on the roadmap. No current support for Inline CKEditor fields - Handling for CKEditor on-demand hasn't been implemented yet, this is planned for a future release though and can be done. I just forgot about it because I've never really used that feature personally.. Alpha release - This module is in alpha. Releases should be stable and usable, but there may be edge case issues. Test the module thoroughly and please report any bugs via a Gitlab issue on the repository or respond here. Please note that the browser plugin for Grammarly conflicts with Fluency (as it does with many web applications). To address this issue it is recommended that you disable Grammarly when using Fluency, or open the admin to edit pages in a private window where Grammarly may not be loaded. This is an issue that may not have a resolution as creating a workaround may not be possible. If you have insight as to how this may be solved please visit the Gitlab page and file a bugfix ticket.
      Requirements:
      ProcessWire  3.0+ UIKit Admin Theme That's Fluency in a nutshell. A core effort in this module is to create it so that there is nothing DeepL related hard-coded in that would require updating it when DeepL offers new languages. I would like this to be a future-friendly module that doesn't require developer work to keep it up-to-date.
      It's Free
      This is my first real module and I want to give it back to the community as thanks. This is the best CMS I've worked with (thank you Ryan & contributors) and a great community (thank you dear reader). The only cost to use this is a subscription fee for the DeepL Pro API. Find out more and sign up here.
      Download & Feedback
      Download the latest version here
      https://github.com/SkyLundy/Fluency-Translation/archive/main.zip
      Github repository:
      https://github.com/SkyLundy/Fluency-Translation
      File issues and feature requests here (your feedback and testing is greatly appreciated):
      https://github.com/SkyLundy/Fluency-Translation/issues
       
      Thank you! ¡Gracias! Ich danke Ihnen! Merci! Obrigado! Grazie! Dank u wel! Dziękuję! Спасибо! ありがとうございます! 谢谢你!

    • By Robin S
      An inputfield module that brings EasyMDE Markdown editor to ProcessWire.
      EasyMDE is a fork of SimpleMDE, for which there is an existing PW module. Inputfield EasyMDE has a few advantages though:
      EasyMDE seems to be more actively developed than SimpleMDE, which hasn't seen any updates for several years. You can define options for Inputfield EasyMDE. Inputfield EasyMDE can be used in Repeater fields and in custom fields for File/Image fields.  
      Inputfield EasyMDE
      EasyMDE (Easy Markdown Editor) as an inputfield for ProcessWire.
      EasyMDE is a Markdown editor with some nice features, allowing users who may be less experienced with Markdown to use familiar toolbar buttons and shortcuts. More information is at the EasyMDE website.

      Installation
      Install the Inputfield EasyMDE module.
      Usage
      Create a new textarea field, and in the "Inputfield Type" dropdown choose "EasyMDE". Save the field and if you like you can then configure the EasyMDE options for the field as described below.
      To convert Markdown to HTML you can install the core TextformatterMarkdownExtra module and apply the textformatter to the field. Alternatively you can use $sanitizer->entitiesMarkdown() on the field value, e.g.
      echo $sanitizer->entitiesMarkdown($page->your_field_name, ['fullMarkdown' => true]); Configuration
      On the "Input" tab of the field settings you can define EasyMDE options for the field in JSON format. Refer to the EasyMDE documentation for the available options. Keys in the JSON must be surrounded with double quotes.
      Example:
      "toolbar": ["bold", "italic", "heading", "|", "side-by-side"], "sideBySideFullscreen": false  
      https://github.com/Toutouwai/InputfieldEasyMDE
      https://processwire.com/modules/inputfield-easy-mde/
    • By d'Hinnisdaël
      ProcessWire Dashboard

      Download
      You can find the latest release on Github.
      Documentation
      Check out the documentation to get started. This is where you'll find information about included panel types and configuration options.
      Custom Panels
      The goal was to make it simple to create custom panels. The easiest way to do that is to use the panel type template and have it render a file in your templates folder. This might be enough for 80% of all use cases. For anything more complex (FormBuilder submissions? Comments? Live chat?), you can add new panel types by creating modules that extend the DashboardPanel base class. Check out the documentation on custom panels or take a look at the HelloWorld panel to get started. I'm happy to merge any user-created modules into the main repo if they might be useful to more than a few people.
      Roadmap
      Panel types Google Analytics Draft At a glance / Page counter 404s  Layout options Render multiple tabs per panel Chart panel load chart data from JS file (currently passed as PHP array)
×
×
  • Create New...