Problem/Motivation

Leaflet module is a very flexible and widely used module providing integration for the https://leafletjs.com/ JavaScript interactive maps library.

It's an alternative to other Drupal Map solutions like Google Maps, Simple Google Maps, etc. which has a similar COOKiES issue here: #3232789: Support Simple Google Map, Google Map field, Geolocation & Geofield

As leaflet is mostly used with views, also the existing issue #3299091: Add submodule to block views with third-party cookies / scripts until consent is given is relevant. It name leaflet as example and reason for the implementation.

So this issue is to decide, how to provide a reliable GDPR solution for blocking leaflet and its external third-party sources until consent is given.

External sources are of two types:

  1. The leaflet libraries loaded from CDN
  2. Used map providers like OSM, Google Maps, ...

None of both should happen without user consent given.

Steps to reproduce

Proposed resolution

Remaining tasks

  • Discuss if blocking views or blocking leaflet explicitly is the right choice
  • Implement
  • Test
  • Release

User interface changes

API changes

Data model changes

Comments

Anybody created an issue. See original summary.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Title: Add submodule for leaflet module » Add submodule for leaflet GDPR
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Title: Add submodule for leaflet GDPR » Add COOKiES submodule for leaflet GDPR
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Related issues: +#3086698: Use Leaflet GDPR conform
ressa’s picture

ressa
he/him
commented

Thanks for creating this issue @Anybody!

The Starshot initiative plan on using the Leaflet module with tiles from OpenStreetMap and Fastly, so perhaps this issue can be revived?

Or do you think https://www.drupal.org/project/eu_cookie_compliance can more easily be configured for OSM and Fastly?

ressa’s picture

ressa
he/him
commented

@roromedia convinced me in Make Starshot compliant from day one (GDPR in the EU, etc.) #79 that pursuing a solution here is the preferred method.

anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Version: 1.1.x-dev » 1.2.x-dev

Thanks @ressa! Happy to review MR's here. I personally think COOKiES is the better approach in contrast to EUCC, but decide yourself. Happy to review MR's here and help, if we need a specific integration for leaflet!

ressa’s picture

ressa
he/him
commented

Thanks @Anybody! I agree that COOKiES is the better approach. I hope someone eventually can add a patch for this.

#3449579: Add support for GDPR-friendly openstreetmap.de was just committed and released in Leaflet More Maps 2.2, which makes GDPR-compliance easier for OpenStreetMap, since only openstreetmap.de is contacted, hosted at Hetzner in Germany, as opposed to using the default OSM solution, which contacts openstreetmap.org and fastly.net, both hosted in Canada and USA.