feat!: Decrease cookie expiration to 5 hours, only set cookie when necessary and only disable cookie if `localeCookie: false` is set

[amannn]

With this change, next-intl is now compliant with the latest GDPR requirements out of the box without any work necessary on the app developer side (see docs).

If you want to increase the cookie expiration, e.g. because you're informing users about the usage of cookies or if GDPR doesn't apply to you, you can use the maxAge attribute to do so:

// i18n/routing.tsx

import {defineRouting} from 'next-intl/routing';

export const routing = defineRouting({
  // ...

  localeCookie: {
    // Expire in one year
    maxAge: 60 * 60 * 24 * 365
  }
});

Breaking changes

1. The maxAge attribute of the locale cookie is decreased from 1 year to 5 hours in order to be GDPR-compliant.
2. The locale cookie is now only set when the user's language doesn't match a requested locale. E.g. a user with accept-language: 'en' will cause a cookie to be set when /de is requested to remember the preference for de. In case you've previously relied on NEXT_LOCALE to always be available, please consider reading the locale via getLocale.
3. localeDetection: false previously ambiguously also disabled the cookie from being set. This is no longer the case. For consistency, you can now use the explicit localeCookie: false option instead.

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
next-intl-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 30, 2024 11:16am
next-intl-example-app-router	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 30, 2024 11:16am
next-intl-example-app-router-without-i18n-routing	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 30, 2024 11:16am