module PrivacyWire - Cookie Management & async external asset loading

[chrizz]

not sure whether a feature request should be dropped here, or @github, but I'll try it here first ?

First off: I love that module. It's handy, easy to implement/adapt and it just does what it is supposed to do. Thanks for sharing!

What I was looking for is a way to customize the markup of the consent blueprint. For the time being I have edited the original shipped file, but actually it would be great if this file can be configured the same way as the banner. Maybe that's something you could consider in the future as well? 

 

/update

? https://github.com/webworkerJoshua/privacywire/pull/16

[joshua]

Thanks @chrizz!
That's a good idea.

I will look into your PR later today and will merge it as soon as possible ?

[joshua]

15 hours ago, chrizz said:

https://github.com/webworkerJoshua/privacywire/pull/16

I just merged your PR ?

Thank you for contributing @chrizz!

[ngrmm]

@joshua I'm using GoogleMapsApi on a page. And did this:
 

<?php

// allow button
echo "<a class='privacywire-consent-button' data-consent-category='external_media'>allow cookies</a>";

	$address = $content->map_address->address;
	$lat = $content->map_address->lat;
	$lng = $content->map_address->lng;
	echo "<script >
		var lat,lng,zoom;
		lat = $lat;
		lng = $lng;
	</script>";	
		
// map stylung and render function
echo "<script type='text/plain' data-type='text/javascript' data-category='external_media'  data-src='{$templatesUrl}scripts/gmaps.js' class='require-consent'></script>";

// maps API
echo "<script type='text/plain' data-type='text/javascript' data-category='external_media' data-src='https://maps.googleapis.com/maps/api/js?key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX&callback=initMap' class='require-consent'></script>";
	
// my map
echo "<div id='map' class='wrapper'></div>";

When I click on the allow button, all content disappear and there is a error
 

domain.com/:1 Uncaught (in promise) Qe {message: 'Map: Expected mapDiv of type HTMLElement but was passed null …

However the cookies are allowed. So that if refresh the page, everything is fine (cookies allowed and map is shown). What am I missing?

[ceberlin]

I stumbled upon another issue: a.f.a.i.k. the IMPRINT and PRIVACY pages should not be covered by this modal.

Otherwise, you cannot read what you are going to decide (if you followed the privacy link in the module, for example). But I am not a lawyer, it is just how I think it should work logically, especially thinking of the very strict German laws about the IMPRINT page accessibility. - Any oppinion?

I am looking for an easy way. Right now, I am using CSS to hide .privacywire and its wrapper on those.

But since the links to those pages are stored in the modules settings, why not excluding them automatically? Just an idea.

In this context, it would be cool if the module did some quick checks to assist the webmaster if those linked pages actually exist and are viewable.

[netcarver]

Has anyone noticed any issues getting this module working in FF?  It seems to work fine in Chrome based browsers but in FF for me - no errors in the console either which seems strange.

[ngrmm]

4 minutes ago, netcarver said:

Has anyone noticed any issues getting this module working in FF?  It seems to work fine in Chrome based browsers but in FF for me - no errors in the console either which seems strange.

Did you check your Browser-Settings? DNT-Mode? Ad-Blocker?

[netcarver]

@ngrmm Thank you for the quick reply.  So I have the checking of DNT set off in the module settings, which should make it ignore the browsers DNT setting (I think).


I'll look at other browser/extension settings as I do run ublock origin.

[netcarver]

So it is ublock-origin. Thank you for the pointer - I should have checked that first!

Updated to add 1: I actually run UBO in all my browsers so there must be a settings difference between UBO in my FF and Brave installs - will look into it.

Updated to add 2: Found it in case anyone else is interested. There's an entry in the UBO blocklist called "Fanboy's Annoyance" for .privacywire-wrapper that is causing the issue.  I had this list enabled in FF but not in chrome.

[Jozsef]

I'm using PrivacyWire with Google Analytics. Looking at their documentation it is possible to load GA4 without cookies.
How would I go about updating the GA settings when statistics cookies get approved instead of blocking the analytics script altogether?
https://developers.google.com/tag-platform/devguides/consent

Is there a JS variable I can check for or I have to parse local storage to find the answer?
I understand that I can run a script when consent is changed, I was just wondering if there's anything already exposed.

[teppo]

On 5/9/2022 at 3:36 PM, Jozsef said:

I'm using PrivacyWire with Google Analytics. Looking at their documentation it is possible to load GA4 without cookies.
How would I go about updating the GA settings when statistics cookies get approved instead of blocking the analytics script altogether?
https://developers.google.com/tag-platform/devguides/consent

Is there a JS variable I can check for or I have to parse local storage to find the answer?
I understand that I can run a script when consent is changed, I was just wondering if there's anything already exposed.

I know this is not exactly what you were asking for, and it's based on an older version of PrivacyWire so there may be an easier way to do it now, but here's how I handled a similar need (just in case it's of use to you or someone else here):

<script>
  window.cookieConsentUpdate = function(do_update) {
  do_update = typeof do_update === 'boolean' ? do_update : true;
  let privacywire_data = window.localStorage.getItem('privacywire') ? JSON.parse(window.localStorage.getItem('privacywire')) : '';
  window.cookie_consent = {
    'necessary': privacywire_data ? (Boolean(privacywire_data.necessary) ?? true) : true,
    'functional': Boolean(privacywire_data.functional) ?? false,
    'statistics': Boolean(privacywire_data.statistics) ?? false,
    'marketing': Boolean(privacywire_data.marketing) ?? false,
    'external_media': Boolean(privacywire_data.external_media) ?? false
  };
  if (do_update) {
    // this is where you could send data to GA etc.
  }
}
window.cookieConsentUpdate(false);
</script>

Now just have this function run when cookie settings are changed; do_update will default to true, and any custom code in the if block will be triggered.

[froot]

Is PrivacyWire GDPR compliant? (General Data Protection Regulation in the EU)

I'm in the process of implementing Google AdSense in a site. I could just leave out personalised ads altogether, which is what I do for the time being, but it's good advice to include it because of a higher ROI. 

To my understanding, if you want to include personalised ads in the EU, you need to give the user the possibility to opt-in and opt-out of personalised ads.

I found these articles in the Google AdSense docs

https://support.google.com/adsense/answer/9681920?hl=en
https://support.google.com/adsense/answer/10961068?hl=en#zippy=%2Cgdpr-messages-with-two-buttons-manage-options-consent

So it looks like Google offers to take care of the relevant privacy notifications and opt-in/opt-out buttons with a separate pop-up dialogue, but I want to have all that stuff handled in just one banner/dialogue (PrivacyWire), anything else is just too annoying for the user.

So any chance I can accomplish this with PrivacyWire? 

[froot]

would be great if you could add custom cookie categories… as of now you can only use and rename the existing ones and those are not plenty

[update AG]

Hi @joshua

Somehow the Scripts aren't loaded (the banner doesn't appear) when we access a url created with URL-Hooks https://processwire.com/blog/posts/pw-3.0.173/#introducing-url-path-hooks?

Can you help?

KR
Orkun

[joshua]

Sorry for my late response in general.
I haven't used ProcessWire ( and therefore also PrivacyWire) in new business projects in the last time but was quiet busy with work.
 

On 3/6/2022 at 10:15 AM, ceberlin said:

Right now, I am using CSS to hide .privacywire and its wrapper on those.

I think that actually is the easiest way right now.

 

On 5/29/2022 at 12:37 PM, fruid said:

Is PrivacyWire GDPR compliant? (General Data Protection Regulation in the EU)

In general yes. But it depends on how you implement PrivacyWire and the 3rd-party scripts!

 

On 5/29/2022 at 12:37 PM, fruid said:

So any chance I can accomplish this with PrivacyWire? 

Yes, this is possible. See this forum thread for examples.

On 6/16/2022 at 9:27 AM, fruid said:

would be great if you could add custom cookie categories

Feel free to fork, add the feature and start an PR.

[joshua]

1 hour ago, update AG said:

Somehow the Scripts aren't loaded (the banner doesn't appear) when we access a url created with URL-Hooks https://processwire.com/blog/posts/pw-3.0.173/#introducing-url-path-hooks?

That's an interesting finding. PrivacyWire hooks into the page->render method for the rendering:

  $this->wire('page')->addHookBefore('render', $this, 'initiatePrivacyWire');

Is this still called when accessing a URL created with URL-Hooks? If not, what would be an alternative point to hook=

[ngrmm]

@joshua does privacywire log user clicks?
As far as I understood you must have a „consent log“.
„… By default, consents collected through the Cookie Notice banner and/or the Privacy Notice link are automatically logged so that you can access the information at any time. Your consent log is basically a list of users who interact with the banner by either consenting or declining to the use of their information.“

CookieBot for example does this:
„Cookiebot CMP stores the user's selection for 12 months, after which the banner automatically reopens to renew the user's consent. …

All user consents are automatically logged in anonymized form and encrypted. A data processing contract (DSGVO) is not required. The consent log can be downloaded from the manager and used for documentation.“

or cookiehub: https://www.cookiehub.com/de/produkt/premium/einwilligungsprotokoll

[Marcel Stäheli]

Hello

I am using the great module PrivacyWire, it worked fine so far. However, a new website I am working on will use Content Security Policy (CSP) and this blocks the script created by PrivacyWire.

The CSP for scripts looks like this:

script-src 'self' https: 'unsafe-inline' 'nonce-" . $nonce . "' 'strict-dynamic; 

Every script tag needs the nonce value. It is created in the _init.php template and used by every page.

How do I add the nonce to the script tag in the module? I found the part that writes it, but I don't know how to access the $nonce variable from the module.

[wbmnfktr]

First idea:

This way you can change and modify it to your needs.

See also: https://github.com/webworkerJoshua/privacywire/blob/master/PrivacyWire.module#L55

[Marcel Stäheli]

Thank you for your reply.

I had a look at the instructions in the comments of the module file and I'm afraid I dont know enough about modules or PHP to get it to work.

I added the 4 module functions in step 2-5 to my template like this
head:

body:

and commented them out in the module file. However I still get   Notice: Undefined variable: nonce in \site\modules\PrivacyWire\PrivacyWire.module on line 108

What am I doing wrong?

 

 

 

[wbmnfktr]

I'd go step by step just by adding static content aka JS, CSS paths and finally the HTML part.

Just to test if it's working as expected. From there I would add the things you already tried.

Maybe I can play with it and test it on my own the next days.

[verdeandrea]

Hi and thanks for your module!

I am trying to install it, but I get this errors:
InputfieldWrapper: Skipped field 'cookie_groups' because module 'InputfieldAsmselect' does not exist 
InputfieldWrapper: Skipped field 'content_banner_text' because module 'InputfieldCkeditor' does not exist
InputfieldWrapper: Skipped field 'content_banner_details_text' because module 'InputfieldCkeditor' does not exist
InputfieldWrapper: Skipped field 'content_banner_privacy_link' because module 'InputfieldUrl' does not exist
InputfieldWrapper: Skipped field 'content_banner_imprint_link' because module 'InputfieldUrl' does not exist
InputfieldWrapper: Skipped field 'ask_consent_message' because module 'InputfieldCkeditor' does not exist

I am on PW version 3.0.123

Do you know what can be causing this issue?

Thanks

[overoon]

On 8/1/2022 at 2:20 PM, verdeandrea said:

Hi and thanks for your module!

I am trying to install it, but I get this errors:
InputfieldWrapper: Skipped field 'cookie_groups' because module 'InputfieldAsmselect' does not exist 
InputfieldWrapper: Skipped field 'content_banner_text' because module 'InputfieldCkeditor' does not exist
InputfieldWrapper: Skipped field 'content_banner_details_text' because module 'InputfieldCkeditor' does not exist
InputfieldWrapper: Skipped field 'content_banner_privacy_link' because module 'InputfieldUrl' does not exist
InputfieldWrapper: Skipped field 'content_banner_imprint_link' because module 'InputfieldUrl' does not exist
InputfieldWrapper: Skipped field 'ask_consent_message' because module 'InputfieldCkeditor' does not exist

I am on PW version 3.0.123

Do you know what can be causing this issue?

Thanks

Hi, this occured when i was running an old version of processwire. Simply deinstall the module, update processwire and then you should be good.

[Cybermano]

On 8/1/2022 at 2:20 PM, verdeandrea said:

Hi and thanks for your module!

I am trying to install it, but I get this errors:
InputfieldWrapper: Skipped field 'cookie_groups' because module 'InputfieldAsmselect' does not exist 
InputfieldWrapper: Skipped field 'content_banner_text' because module 'InputfieldCkeditor' does not exist
InputfieldWrapper: Skipped field 'content_banner_details_text' because module 'InputfieldCkeditor' does not exist
InputfieldWrapper: Skipped field 'content_banner_privacy_link' because module 'InputfieldUrl' does not exist
InputfieldWrapper: Skipped field 'content_banner_imprint_link' because module 'InputfieldUrl' does not exist
InputfieldWrapper: Skipped field 'ask_consent_message' because module 'InputfieldCkeditor' does not exist

I am on PW version 3.0.123

Do you know what can be causing this issue?

...

 

Found same problem, and the reason isn't in PW old version as mentioned, but in few line of code of the module that calls the field type in a short but wrong way (in PrivacyWire 1.1.0 it was right).

Solved editing PrivacyWireConfig.php at those lines

// line 15
'type' => 'asmselct' -> 'type' => 'InputfieldAsmSelect'

// lines 126, 151, 273
'type' => 'ckeditor' -> 'type' => 'InputfieldCKEditor'

// lines 167, 184
'type' => 'url' -> 'type' => 'InputfieldUrl'

I have opened an issue on github: https://github.com/webworkerJoshua/privacywire/issues/25
 

[Cybermano]

On 8/25/2022 at 1:35 AM, overoon said:

Hi, this occured when i was running an old version of processwire. Simply deinstall the module, update processwire and then you should be good.

Hi overoon, 
I also think that maintaining PW up to date is mandatory, but in this case isn't the reason for the @verdeandrea problem, mine and maybe for the same one occured to others.

As far I know, this module doesn't indicate the minimum required version of PW, so I can assume that it works with all of PW versions.
In this case it's enough to change few line of code in the module config file, as pointed above.

This is only to be clear and it is not a criticism of you or of your post. ?