Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Problem/Motivation
We would like to improve the GDPR support for the module by blocking third party iframes from loading before user has agreed to functional cookies.
There is an example how to implement this with Cookie information.
Proposed resolution
We would like to add a new config setting for blocking third party iframes from loading.
User interface changes
Add a new checkbox to the module settings page to block iframes from loading by default.
Data model changes
A new boolean setting for blocking iframes.
Issue fork cookieinformation-3194494
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #7
kekkisAlso this is ready for review, so setting status.
Comment #8
HeikkiY CreditAttribution: HeikkiY commentedWhile developing this module we noticed that there was a problem because the iframe blocking code was also interfering with Cookie informations own iframe.
This results in the following error in the console.
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://policy.app.cookieinformation.com') does not match the recipient window's origin ('https://www.example.com').
We would need to improve the iframe blocking to exclude the iframe generated by Cookie information:
<iframe name="cookie-information-sharinglibrary-iframe" title="Cookie Information cookie sharing library" data-consent-src="https://policy.app.cookieinformation.com/cookiesharingiframe.html" data-category-consent="cookie_cat_functional"></iframe>
We could recognize it for example with the name attribute.
Comment #9
kekkisSetting to NW per #8.
Comment #10
HeikkiY CreditAttribution: HeikkiY commentedComment #12
HeikkiY CreditAttribution: HeikkiY commentedThis needs rebasing for 1.x branch and also support for 2.x branch.
Comment #13
HeikkiY CreditAttribution: HeikkiY commentedComment #14
kekkisUpdated MR so it's mergeable against 8.x-1.x. Also added entry in config schema and added an update hook to set the default to false for existing installations.
Comment #15
kekkisThe MR also seems to be mergeable to 2.x.
Comment #16
kekkisAdded core/once support and corrected the use of the data attribute in the MR. See https://api.jquery.com/data/ especially regarding the format of the data attribute name when reading it using jQuery.data().
Comment #17
HeikkiY CreditAttribution: HeikkiY commentedComment #19
kekkisThanks a lot everyone for the work on this!