codingdavinci / relaunch2018

This is the new Coding da Vinci website (online since September 2020).
https://codingdavinci.de
GNU General Public License v2.0

block third party cookies? OR self-host all videos? #239

Closed lucyWMDE closed 3 years ago

lucyWMDE commented 3 years ago

We have 2 remotely-hosted embedded videos - a Vimeo on the landing page and a YouTube on the About/Was ist Coding da Vinci? page. Both are saving third-party cookies.

YouTube has this nocookies version of the URL (which the site currently won't let me use), and Vimeo the "dnt=1" URL extension option (which I can use, but there still seem to be cookies)... and I saw that there's some kind of global module setting for "Enable privacy-enhanced mode."... but maybe these are anyway only blocking marketing cookies. Currently our Datenschutz statement says the site does not save any third-party cookies - if possible we'd like that to be true (getting legal support and approval for the Impressum was bureaucratically really tough).

So... either

OR

here on the landing page (Abschnitt "video")

here on the About/Was ist Coding da Vinci page (Abschnitt "Textblock rechts/Linke Spalte/Video")

If we go with this option we'd have to improve the styling so that it really looks good (appropriate width, playback controls directly under the video with no gap - video as implemented here would be good enough I think).

What do you think? If we can enable the privacy-enhanced mode so that third-party cookies are at least DSGVO-konform then I think we might be able to get the DNB legal to approve... but if there's a decent way we can host ourselves this would be preferred.

Snater commented 3 years ago

We are using the core media module which supports remote video. The ticket you linked refers to a contributed module. We should try to stick to the core module as it will make such contributed modules obsolete in the future.

The ticket discussing our issue is https://www.drupal.org/project/drupal/issues/3043821. I have applied the theme hook that just alters the YouTube domain to youtube-nocookie.com as described in the ticket. I am not sure that is a 100% solid solution, but maybe it is good enough?

I would not recommend hosting video. A particular feature missing here is the bandwidth optimisation. You'd need to upload videos for rather low bandwidth to accommodate slower mobile and traffic limited networks. But then, video quality would just not suit desktop devices with high speed internet.

lucyWMDE commented 3 years ago

OK. The nocookie hook solution looks good enough. It really wipes out all cookies. Vimeo, on the other hand, still seems to save cookies. We can just make sure that all embedded videos are hosted on YouTube and I think we're good... as long as this workaround stays stable. Thx.
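
A check for whether the workaround discussed in this thread is still in place, written as an added example that is not part of the issue or the project's code: it scans rendered page HTML for iframes, flags YouTube embeds not yet on youtube-nocookie.com, and marks Vimeo embeds for review even with dnt=1, matching what the thread observed. The function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit, urlunsplit
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com"}
NOCOOKIE_HOSTS = {"youtube-nocookie.com", "www.youtube-nocookie.com"}

# Constructed sample markup; VIDEO_ID and 000000 are placeholders.
SAMPLE_HTML = """
<iframe src="https://www.youtube.com/embed/VIDEO_ID?rel=0"></iframe>
<iframe src="https://www.youtube-nocookie.com/embed/VIDEO_ID"></iframe>
<iframe src="https://player.vimeo.com/video/000000?dnt=1"></iframe>
"""

class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.sources.append(src)

def to_nocookie(url):
    """Swap a YouTube host for www.youtube-nocookie.com; other URLs pass through."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() in YOUTUBE_HOSTS:
        parts = parts._replace(netloc="www.youtube-nocookie.com")
    return urlunsplit(parts)

def audit_embeds(html):
    """Return (src, verdict) per iframe, following the outcome of the thread."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        parts = urlsplit(src)
        host = (parts.hostname or "").lower()
        if host in YOUTUBE_HOSTS:  # exact match, so lookalike hosts are not trusted
            verdict = "rewrite to " + to_nocookie(src)
        elif host in NOCOOKIE_HOSTS:
            verdict = "ok"
        elif host == "vimeo.com" or host.endswith(".vimeo.com"):
            has_dnt = parse_qs(parts.query).get("dnt") == ["1"]
            verdict = "review: Vimeo embed, dnt=1 " + ("set" if has_dnt else "missing")
        else:
            verdict = "review: other host " + (host or "(relative URL)")
        findings.append((src, verdict))
    return findings
```

Running `audit_embeds` over the final rendered markup (including the inner oEmbed iframe document, if the site serves one) gives a regression check for the "as long as this workaround stays stable" concern.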