Problem/Motivation

We would like to improve the GDPR support for the module by blocking third party iframes from loading before user has agreed to functional cookies.

There is an example how to implement this with Cookie information.

Proposed resolution

We would like to add a new config setting for blocking third party iframes from loading.

User interface changes

Add a new checkbox to the module settings page to block iframes from loading by default.

Data model changes

A new boolean setting for blocking iframes.

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

HeikkiY created an issue. See original summary.

ilari242 made their first commit to this issue’s fork.

kekkis’s picture

Status: Active » Needs review

Also this is ready for review, so setting status.

HeikkiY’s picture

While developing this module we noticed that there was a problem because the iframe blocking code was also interfering with Cookie informations own iframe.

This results in the following error in the console.

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://policy.app.cookieinformation.com') does not match the recipient window's origin ('https://www.example.com').

We would need to improve the iframe blocking to exclude the iframe generated by Cookie information:

<iframe name="cookie-information-sharinglibrary-iframe" title="Cookie Information cookie sharing library" data-consent-src="https://policy.app.cookieinformation.com/cookiesharingiframe.html" data-category-consent="cookie_cat_functional"></iframe>

We could recognize it for example with the name attribute.

kekkis’s picture

Status: Needs review » Needs work

Setting to NW per #8.

HeikkiY’s picture

Status: Needs work » Needs review

HeikkiY’s picture

This needs rebasing for 1.x branch and also support for 2.x branch.

HeikkiY’s picture

Assigned: Unassigned » kekkis
Status: Needs review » Needs work
kekkis’s picture

Assigned: kekkis » Unassigned
Status: Needs work » Needs review

Updated MR so it's mergeable against 8.x-1.x. Also added entry in config schema and added an update hook to set the default to false for existing installations.

kekkis’s picture

The MR also seems to be mergeable to 2.x.

kekkis’s picture

Added core/once support and corrected the use of the data attribute in the MR. See https://api.jquery.com/data/ especially regarding the format of the data attribute name when reading it using jQuery.data().

HeikkiY’s picture

Version: 8.x-1.x-dev » 2.0.x-dev
Assigned: Unassigned » kekkis
Status: Needs review » Reviewed & tested by the community

  • kekkis committed 3703e94b on 2.0.x authored by ilari242
    Issue #3194494 by ilari242, HeikkiY, kekkis: Add support for blocking...
kekkis’s picture

Assigned: kekkis » Unassigned
Status: Reviewed & tested by the community » Fixed

Thanks a lot everyone for the work on this!

  • kekkis committed 3703e94b on readme-update authored by ilari242
    Issue #3194494 by ilari242, HeikkiY, kekkis: Add support for blocking...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.