Contrib.social

Enable privacy apps when applying Goggle Tag recipe

Open on Drupal.org β†’
Created on 25 November 2024, 27 days ago

Problem/Motivation

We need to have a small enhancement in the recipe.yml file from ✨ Add Google Tag recipe Active to enable the privacy settings for GA and GTM. Those are:

config:
  actions:
    klaro.klaro_app.ga:
      simpleConfigUpdate:
        status: true
    klaro.klaro_app.gtm:
      simpleConfigUpdate:
        status: true

The Klaro module and the apps are all available by default in Drupal CMS, but the apps remain disabled until something gets installed which requires them to become enabled. This is what those to config actions achieve.

Proposed resolution

The option that the privacy recipe enables all apps by itself, is not what we should do as that would show a long list of services that the user needs to think about their consent, even though GTM and others aren't available in a lot of cases.

That's why each component, that adds extra privacy relevant functionality needs to enable the privacy handling themselves, so that the consent management for end user remains specific and doesn't overwhelm them with unnecessary decisions.

πŸ“Œ Task
Status

Active

Component

Track: Analytics

Created by

πŸ‡©πŸ‡ͺGermany jurgenhaas Gottmadingen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @jurgenhaas
  • Comment 19 days ago β†’
    πŸ‡¨πŸ‡­Switzerland berdir Switzerland

    I think this is similar to my notes in the multilingual meta issue about recipes needing to optionally integrate with each other? Not sure if the analytics reipes should depend on the privacy recipes, or vice versa.

    Also, simpleConfigUpdate should not be used on config entities, there is an issue to block that. It might cause bugs, because doing so will bypass config entity hooks for example.

  • Comment 19 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

    A reasonable solution for this particular case, I think, is to have the drupal_cms_analytics recipe depend on and apply the drupal_cms_privacy_basic recipe, explicitly import these two Klaro apps, and then set their status to TRUE.

    So, a representative snippet of drupal_cms_analytics' recipe.yml:

    recipes:
  - drupal_cms_privacy_basic
install:
  - klaro
config:
  import:
    klaro:
      - klaro.klaro_app.ga
      - klaro.klaro_app.gtm
  actions:
    klaro.klaro_app.ga:
      enable: []
    klaro.klaro_app.gtm:
      enable: []
  • Comment 19 days ago β†’
    πŸ‡¦πŸ‡ΊAustralia pameeela

    Agreed, I think it makes sense for GTM to depend on privacy.

  • Comment 19 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

    Assigning to @dharizza for implementation when ✨ Add Google Tag recipe Active lands.

  • Comment 19 days ago β†’
    πŸ‡©πŸ‡ͺGermany jurgenhaas Gottmadingen

    Something to consider, when addressing this to enable the consent management services for GA and GTM, is also the visibility of the consent management widget.

    As a default, the privacy track has made that widget invisible, i.e. most users won't notice it, ever. This is suitable for most sites, as users find cookie banners and other widget annoying. For good reasons.

    However, for GA and GTM, the priority might be different. If a site wants to track users, it is more interested in getting their consent. Therefore, it might be suitable to enable the widget to show to all users by default on those sites that apply the analytics recipe.

    If that's the case, then the recipe should also enable that with this:

    config:
  actions:
    klaro.settings:
      simpleConfigUpdate:
        dialog_mode: notice
  • Comment 19 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts
  • Comment 19 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

    The analytics recipe is in so this can now proceed.

  • Comment 19 days ago β†’
    πŸ‡©πŸ‡ͺGermany jan kellermann

    FYI: The user generated callbacks will be blocked by CSP module. 

    Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src * 'unsafe-inline' 'report-sample'".
  • First commit to issue fork.
  • Merge request !275Enable privacy apps when applying the analytics recipe. β†’ (Merged) created by dharizza
  • Comment 17 days ago β†’
    πŸ‡¨πŸ‡·Costa Rica dharizza
  • Pipeline finished with Failed
    17 days ago
    Total: 679s
    #359592
  • Comment 17 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

    Looks straightforward, but a couple of things need to be changed.

  • Pipeline finished with Failed
    17 days ago
    Total: 1332s
    #359593
  • Pipeline finished with Failed
    17 days ago
    Total: 470s
    #359617
  • Pipeline finished with Canceled
    17 days ago
    Total: 516s
    #359616
  • Pipeline finished with Failed
    17 days ago
    Total: 679s
    #359619
  • Pipeline finished with Failed
    17 days ago
    Total: 925s
    #359620
  • Pipeline finished with Failed
    17 days ago
    Total: 654s
    #359629
  • Pipeline finished with Success
    17 days ago
    Total: 1559s
    #359630
  • Comment 17 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

    Looks solid to me! Tests are passing, so I feel good about it.

  • Pipeline finished with Skipped
    17 days ago
    #359649
  • Comment 17 days ago β†’
    System Message
  • Comment 17 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States phenaproxima Massachusetts

    Great privacy improvement! Merged into 0.x. Thanks!

  • Comment 3 days ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024