wet_cookie_consent: GDPR cookie consent for Textpattern CMS

wet · Yesterday 17:14:48

wet_cookie_consent adds a lightweight, configurable cookie consent notice to your Textpattern site. Visitors can accept or reject cookies; their choice is stored. The notice may include a link to your privacy policy page.

Text configured by a textpack of your choosing. Minimal integration effort.

Bloke · Yesterday 18:19:32

At last! I traditionally (ab)use oui_cookie for this purpose, but it always seems hackish or overkill to use simply for consent purposes. To have a dedicated plugin is going to be a superb addition. Thank you.

jakob · Yesterday 20:43:47

Do I understand correctly, that this basically makes “okay” necessary to dismiss the consent box? There’s only the option “OK” as far as I can see.

Bloke wrote #342582:

I traditionally (ab)use oui_cookie for this purpose, but it always seems hackish or overkill to use simply for consent purposes.

I’m guessing you may still need oui_cookie to act on whether or not consent has been given (i.e. the cookie exists or not), and if you want to give users the opportunity to change their cookie settings at a later date.

wet · Yesterday 21:03:57

jakob wrote #342583:

Do I understand correctly, that this basically makes “okay” necessary to dismiss the consent box?

Yes, it’s minimal by design. I don’t see the point of those cookie consent quagmires that seem to be everywhere these days, with lots of options that no one cares about, and shielding divs that hide the content until you disable uBlock because some of these shields are on a blocklist, and then some more. First visit, will never come back, thank you.

…if you want to give users the opportunity to change their cookie settings at a later date.

Is this a real thing? Do these people exist in real life?

Bloke · Yesterday 21:30:34

wet wrote #342584:

Is this a real thing? Do these people exist in real life?

Not so much to change my settings, but those ridiculous sites that have no Reject All options and show you 400 “partners” and 250 more that have some vague “legitimate interest” in your data, then yes I have been known to go through and turn off all the toggles by hand.

The worst one was when I did that on a newly installed Android game, pressed Save My Choices and was greeted with a popup that said I would be unable to run the game unless I accepted the advertiser tracking cookies! The illusion of choice, haha.

Needless to say, that game was uninstalled pronto.

jakob · Yesterday 22:14:55

I agree, of course, about the monster cookie consent scripts, which seem to be proliferating everywhere, also on reputable homepages. Where its feasible, I avoid services that need cookies (as I have for a site launched today), but that’s another topic.

However:

As a user, I dislike having either the option to give consent or endure the notice. I like to be able to dismiss it by giving consent for necessary cookies only.
Sometimes (!) I appreciate the option to distinguish between navigation aids that use cookies or local storage (like recently viewed items, or returning to the last overview) and marketing and tracking cookies. Those aids to using a site can’t really be filed as “necessary” cookies but are arguably useful.
I do sometimes want to reverse a decision to allow tracking. For example, I may grant permission so that I can watch an embedded youtube iframe, then afterwards I want to reverse my consent for that. An aside: often you’ll find instructions on how to remove cookies in excessively long data protection policy explanations that do anything but make things clearer. To be frank, I find that disingenuous, and go to the extra effort of letting people change their consent.
As long as no consent has been given, you should/must disable tracking or showing videos, etc. so a cookie detection plugin of some kind is necessary.

Stef and I recently had a site with a medium-monster cookie consent panel with several hundred lines of code and several hundred more of gtag code, and then the cookie panels has no bearing on anything: you’re tracked anyway.

jakob · Yesterday 22:25:00

This was my last take on a relatively simple cookie consent panel:

<oui::if_cookie name="consent" not>
	<div class="cookie-consent-panel">
		<p class="small">We use cookies to remember your preferences and repeat visits and to identify popular articles. You can also <a href="/cookies-policy">customise your settings</a>.</p>
		<div class="consent-buttons">
			<button class="btn-muted js-consent-cookie" data-setcookie="necessary">Necessary only</button>
			<button class="btn-primary js-consent-cookie" data-setcookie="accept">Accept All</button>
		</div>
	</div>
</oui::if_cookie>

and the corresponding js:

// Very simple cookie consent handler
	// Uses https://github.com/js-cookie/js-cookie/
	document.addEventListener('click', function (e) {
		if (e.target.classList.contains('js-consent-cookie')) {
			const consentAction = (e.target.dataset.setcookie || '').toLowerCase();

			// Note: expand if more options are needed
			if (consentAction !== 'accept' && consentAction !== 'necessary' && consentAction !== 'function') return;

			if (consentAction == 'accept') {
				Cookies.set('consent', 'all', { expires: 7 })
			} else if (consentAction == 'functional') {
				Cookies.set('consent', 'functional', { expires: 7 })
			} else if (consentAction == 'necessary') {
				Cookies.set('consent', 'necessary', { expires: 7 })
			}

			// Hide cookie consent panel
			document.querySelector('.cookie-consent-panel').classList.add("hidden");
		}
	}, false);

It does require js-cookie which is thankfully very tiny and can be included inline if desired.

I’m sure you could improve on that.

Textpattern CMS

Textpattern CMS support forum

#1 Yesterday 17:14:48