Cookie consent

[jamesgeddes]

Need to ask users for consent to put cookies on their computer. GDPRify.

Suggestions Potential soltuions might include,

• https://django-cookie-consent.readthedocs.io/en/latest/
• https://pypi.org/project/django-cookiebanner/

Avoid,

• https://pypi.org/project/django-cookie-law/

Impact

High

Urgency

Later

[jamesgeddes]

@sharif2315 is this one you would like to help with?

[jamesgeddes]

@CarwynNelson Can you add your notes here so that @giulio-giunta can review, please?

[CarwynNelson]

I've done slightly more research into the cookie libraries that are available for Django and here are my opinions:

django-cookiebanner

• Pro: From looking at the README this looks like and easy to use
• Pro: There is no extra build system and the API for checking cookies is nice and eay
• Con: This relies on jquery and the jquery-modal library. I would like to avoid jquery in this project as most of the features it provides are built in to browsers these days, or are easily replicated
• Con: The documentation on how to use it is poor
• Con: It looks like it isn't maintained much any more
• Con: There doesn't appear to an easy way to control the theme of this banner

django-cookie-monster

• Pro: Looks fairly easy to use once it is installed
• Pro: Provides a simple and complex cookie banner. Maybe all our cookies will end up being essential?
• Con: It looks like it requires npm to use, which I'm not a fan of. I want to keep things as "default django" as possible
• Con: The documentation on how to use it is poor
• Con: It looks like it isn't maintained anymore
• Con: There doesn't appear to be an easy way to control the theme of the banner

I think it would be fairly easy for us to fork django-cookiebanner and improve the docs, remove the dependency of jquery, and make the styling more consistent with the rest of the website.

I would also like to move away from this modal style of cookie consent and use a banner at the top or bottom of the page. That is just my personal preference, but I also think it is less annoying to users.

Edit: I've just noticed that another major issue with django-cookiebanner is that it does not have a license specified. This causes us some issues. https://github.com/sinnwerkstatt/django-cookiebanner for the repo.

We can probably raise an issue on the Github repo asking them to assign it a license so that we can safely fork it. If that's not the case we will probably have to write this by hand - but not to worry because that shouldn't be too hard.

[CarwynNelson]

https://github.com/sinnwerkstatt/django-cookiebanner have now added the GPLv3 license at our request

[jamesgeddes]

High level TODO

• [x] Get rid of jQuery
• [ ] Change UI to banner at the top
• [ ] Separate page for settings

[jamesgeddes]

Improvement: needs styling

[giulio-giunta]

Currently the cookiebanner config file (bootstrap4.html) is in the GeekZoneHQ /django-cookiebanner repository. I worked on the "issue24" branch, which is the one with the latest changes (I did not merge into master branch). In the requirements.txt file the entry "git+git://github.com/GeekZoneHQ/django-cookiebanner.git@issue24" allows you to pull the cookie-banner straight from the "issue24" branch in the GeekZoneHQ /django-cookiebanner repository, but to make changes you'd better clone the repository and change that entry for the path of the cloned repository in your pc. At the moment the issue with the cookiebanner, apart from the styling that needs improving, is that the "Save" button does not work. Also, if you click on the "Accept all" but you don't turn on the "Analytical" cookies switch, only the "Essential" cookies will be stored in the browser. I believe the JS code should be modified in a way that if you click on "Accept all", the "Analytical" cookies switch should be automatically turned on (along with the "Essential" cookies that cannot be deactivated). By contrast, if you click on "Save" without selecting the "Analytical" cookies, the browser should only store the "Essential" cookies. To make the explanation clearer, I attach some screenshot that better show the issue. Please contact me if you need

more information. Giulio

[tbentham]

Just starting to look at this again - makes a lot more sense now I'm more familiar with the project. I'll sort out the styling first and then see if I can do anything about the buttons malfunctioning.

So is the plan to eventually integrate the code from the 'django-cookiebanner' forked repository into the 'web' repository?

[CarwynNelson]

So is the plan to eventually integrate the code from the 'django-cookiebanner' forked repository into the 'web' repository?

Once we have reached a stable point I hope to contribute as much of our changes back to upstream as possible :) Good open source citizens and all that.

[jamesgeddes]

Added permanent cookie message for now.

[tbentham]

Created a new branch for this called cookies-new and copied code over from the original cookies branch.

Also made the django-cookiebanner repo into a submodule of the web repo, so it's easier to make changes to django-cookiebanner and view them in real-time.

Anyone running this locally will need to run git submodule update --init --recursive to clone the django-cookiebanner repo.