jurgenhaas → credited kgertz → .
I've just tested the issue fork and this works and looks fine to me. The only thing I noticed was a composer error during drush site:install because of missing module menu_link_attributes (installed it manually then to test).
Another finding is that when you load a page with a video for the first time (no consent given so far), the option that comes with the thumbnail is "Yes". If you open the klaro dialog with "My privacy settings" and switch "Embedded external content" on, the content shows up as expected. If you do this again and switch it off, the thumbnail an the question appear again, plus a second option "Always" appears next to "Yes". Does anyone know why "Always" is not an option in the first time?
jurgenhaas → credited kgertz → .
jurgenhaas → credited kgertz → .
jurgenhaas → credited kgertz → .
jurgenhaas → credited kgertz → .
jurgenhaas → credited kgertz → .
@jurgenhaas @boromino that is what I briefly mentioned in our last UG meetup: IF some module in Drupal sets cookies (via the Set-Cookie HTTP Header) OR does any other GDPR-related stuff (e.g. tracking the behavior of authenticated users), then it should also be included in the consent management.
However, I don't know which modules would behave like that. The only occurence of the "Set-Cookie" header I am aware of is in the SessionConfiguration class - the session cookie which is clearly needed for functionality. So - is there any way of searching all contrib sources for possible other occurences?
Other cookies can only be set by javascript libs/apps or by embedding external media via iframes, both of which should be loaded only with the user's consent anyway. Or am I missing something else?
jurgenhaas → credited kgertz → .
Just an idea that came into my mind about the (external) audit process (regarding the loaded resources and the domains they come from): we could use the user's browsers themselves as "monitoring system" by accessing the browser's Performance API
to evaluate the origins. This could be matched with a list of "allowed domains" in the sense of consent management. So we could, for example, send an alert back to Drupal if the browser detects the loading of a resource from host a when that host / service is not among the ones the user has given consent to.
Wow, I had no clue that there are so many gdpr related modules.
My first thought about this: while its imo totally OK to use third party libraries like CookieConsent or Klaro (or whatever instead of doing that work agein) as a consent management tool, I would rather rule out modules that use third party services (like Cookiebot or Clickio) as they would establish dependencies to external systems.
External libraries should be installed/hosted locally anyway and where that is not possible for whatever reason, the assetfetcher module sounds promising (but I don't have any experience with it - has anyone used it?)
jurgenhaas → credited kgertz → .
I would suggest to give the COOKiES → module a try:
- it has many integrations with popular other modules
- can handle even markup in output filters (e.g embedded iframes in user markup)
- handles JS output of other modules
- provides a nice ui through the COOKiES JSR library
jurgenhaas → credited kgertz → .
jurgenhaas → credited kgertz → .
Now it works fine with these changes, thanks a lot!