Contrib.social

Solution for checking localStorage

Open on Drupal.org →
Created on 19 December 2024, 2 days ago

Problem/Motivation

In the AI moduel we currently have the Deepchat module that is built of two different parts - the Deepchat project (https://deepchat.dev/) and a wrapper we have around it so you can open and minimize it.

Currently we have as an option for the site builder to be able to either have this open or closed by default, but it also has the option that it can remember the state. The current solution for this is local storage, which we will have to apply approval for.

This is being used for Drupal CMS. The solution for Drupal CMS covers the Deepchat part before approval, meaning you can not interact with the chat before it has been saved, however the wrapper is possible to interact with. This means that if you click it, it would still store this in local storage, even before approval has been given for this.

We have gotten a MR here ( https://www.drupal.org/project/ai_deepchat/issues/3494722 🐛 Dont set localStorage by default Active ) that would remove the storage when it gets closed, however the issue is that you will still be able to click on the list and toggle it. If you open it this code that touches local storage will still run.

We can remove both instances of the local storage, but then the feature stops working.

Do you have any good solutions for this or did I misunderstand something how Klaro works?

The two solutions I can think of from the AI modules side is:

  1. Add a config specifically for Klaro in the block, so that this code is only run if we look for a specific value in klaro.getManager().consents.
  2. Retheme the chatbot, so that the Klaro overlay can be added over the whole block, before you can toggle it.
🌱 Plan
Status

Active

Version

3.0

Component

Miscellaneous

Created by

🇩🇪Germany marcus_johansson

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @marcus_johansson
  • Comment 2 days ago
    🇩🇪Germany marcus_johansson
  • Comment 2 days ago
    🇩🇪Germany jan kellermann

    Thank you for this issue. I had opened the referenced issue.

    1) In general: The storage of data in the browser is permitted if it is strictly necessary for the provision of a requested service. If opening the chat across page boundaries is part of the service, it can be assumed that writing to the localStorage after the user interaction is permitted. Then you do not need a consensus. I have therefore built the MR so that the localStorage is only used after user interaction and only for as long as it is needed.

    2) You can just ask the Klaro consent state: let consent = klaro.getManager().getConsent('deepchat');.

    3) We have an issue for Klaro that would resolv your problem because all accesses to the browser are prevented until consent is given: https://www.drupal.org/project/klaro/issues/3487461 Blocking Cookies and Storage Sets (proof of concept) Active (I add ^deepChatState_.*$ to the list in service-yaml).

  • Comment 2 days ago
    🇩🇪Germany marcus_johansson

    Thank you @jan kellerman - the #1 was the piece of information I was missing. Then your MR makes total sense.

    Regarding your MR - we moved the project into the core AI module, so I have replicated the issue here, if you want to push the MR again to get proper attribution: https://www.drupal.org/project/ai/issues/3494806 📌 Dont set localStorage by default Active . Sorry about the inconvinience and confusion. I will credit you regardless. Let me know.

    I'll set this to fixed, thank you for the thorough answer!

  • Comment 1 day ago
    🇩🇪Germany jan kellermann

    With pleasure! I am always very happy to discuss the topic of data protection.

    My statement regarding (1) is not a legally binding statement and data protection authorities or courts may have a different opinion.

    In general, it is important that this information is included in the website's privacy policy. To make this transparent, we often include a “Privacy Information” section at the end of our module descriptions and provide information about the processing of personal data, external services and the use of cookies and storage.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024