search

cybotcorp / gtm-templates-cookiebot-cmp

Template for using Cookiebot Consent Management Provider (CMP) in Google Tag Manager
Apache License 2.0
4 stars 8 forks source link

Create server side client tag template and allow uc.js request to be proxied #24

Open luukfiets opened 1 year ago

luukfiets commented 1 year ago

Hi @Soreg,

With a Google server side GTM container it’s possible to proxy the request to consent.cookiebot.com/uc.js. Instead of getting the JS file directly from Cookiebot, we have set up our client side tag to send the requests to our GTM server url. This url is a subdomain of the clients domain.

In the server sided container we have set up a client that listens to the uc.ja path. It then claims the request, fetches the JavaScript file on the server and sends it back to the browser. The browser now thinks this JS file comes from a first party source (the subdomain). This has two benefits:

  1. Users with ad blockers might block requests to consent.cookiebot.com/us.js. By using a custom subdomain to proxy the request for the JS file, we prevent our request from being blocked by af blockers.
  2. Since the proxied JS file is now a first party resource, the cookies it sets will live longer.

Having said that, I would like to hear your thoughts on providing a general server side Cookiebot client and making adjustments in the current GA4 (client side) Cookiebot tag.

For the client side Cookiebot tag template it needs to allow the JS file to be fetched from a custom domain.

For the server side client template code you might want to have a look at the client template we created ourself:

const claimRequest = require('claimRequest');
const getRequestPath = require('getRequestPath');
const getRequestQueryString = require('getRequestQueryString');
const returnResponse = require('returnResponse');
const sendHttpGet = require('sendHttpGet');
const setResponseStatus = require('setResponseStatus');
const setResponseBody = require('setResponseBody');
const setResponseHeader = require('setResponseHeader');

var requestPath = getRequestPath();

if (requestPath.indexOf('cc.js') !== -1 || requestPath === '/logconsent.ashx' || requestPath === '/uc.js') {
  claimRequest();
  var queryString = getRequestQueryString();

  var url = 'https://consent.cookiebot.com' + requestPath + '?' + queryString;

  sendHttpGet(url, (statusCode, headers, body) => {
    for (let header in headers) {
      setResponseHeader(header, headers[header]);
    }
    setResponseStatus(statusCode);
    setResponseBody(body);
    returnResponse();
  }, { timeout: 3000 });
}

Please let me hear your thoughts on this. I’m happy to help with making the required changes.

Best, Luuk

Soreg commented 4 months ago

Hey Luuk, Sorry for the (very) late reply. I'll make an effort to check issues on a regular basis in the future 🙂.

We are currently discussing server side support internally, so sadly I don't have an update this time around. I'll let you know when I have something more concrete.