Open mlocati opened 5 years ago
I don't quite understand what it is about, but I do not mind ))
Well, the whole stuff about GDPR (and cookie consent) is that we should use cookies that collects user data (for example Google Ads) only after the user accepted that.
So, in the site, we may have a condition like this (pseudo-code):
if ($userAcceptedCookies) {
echo $googleAdsStuff;
}
At the first visit, the cookies are not accepted yet, so we don't print out Google Ads stuff. When the user accepts the cookies, we need to add Google Ads stuff to the page. In the above example, we should reload the page (but we may also implement the alternative solutions I listed above).
Google write cookies to my domain? I think, he use google's domains. I created this block for notify about anything, no only GDPR
Nope. For example, if you browse to https://www.concrete5.org/ you have these cookies:
__cfduid
set by CloudFlare_fbp
set by Facebook Pixel_ga
set by Google Analitycs_gid
set by Google AnalitycsCONCRETE5
the only one set by concrete5 itselfFurthermore, the purpose of displaying an alert to users is not to tell them that the website is using cookies: we ask users to allow the website to use cookies (technical cookies are always allowed, like the CONCRETE5
session cookie).
So, it's not enough to display an alert: the code should act accordingly to the fact that a user has accepted the cookies or not. That's why we need to do something after a user has accepted cookies.
Google Tag Manager (GTM for short) is very helpful in this.
If you don't know it, GTM is a way to manage analytics/tracking codes ("tags" in GTM terms): you create a tag container in GTM and add it to the website.
First, at https://google.com/tagmanager you create a tag container.
The code to be added to the website is something like this (where GTM-XXXXXXX
is the identifier of the created tag container):
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXXX');</script>
this code can rewritten simply as:
<script>
if (!window.dataLayer) {
window.dataLayer = [];
}
window.dataLayer.push({'gtm.start': new Date().getTime(), event:'gtm.js'});
</script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX" async></script>
The actual content of the container GTM-XXXXXXX
is then managed at https://google.com/tagmanager: you don't have to touch your website anymore.
In GTM you can then add to the container all the "tags" you need. GTM supports tons of tags (Google Analytics, Google Ads, custom HTML and many more). You can even instruct GTM to load a tag only if a cookie is set, or when an "event" occurs.
For example, we could add a Google Ads tag to the container, and instruct GTM to load it only when an event called pure_cookies_notice_accepted
is fired.
So, the Pure Cookies Notice block could act like this:
<script>
if (!window.dataLayer) {
window.dataLayer = [];
}
window.dataLayer.push({event: 'pure_cookies_notice_accepted'});
</script>
hideNotify
function:
function hideNotify() {
// ...
document.cookie = cookieName+'=read; path=/; expires=' + date.toUTCString();
if (!window.dataLayer) {
window.dataLayer = [];
}
window.dataLayer.push({event: 'pure_cookies_notice_accepted'});
// ...
}
That's what I meant with send an event to Google Tag Manager (for users using it)
above.
Ok, but, I do not want to limit this block for GDPR only, this functionality should be disabled by default.
Sure!
PS: if not for GDPR, what's the purpose of this add-on? Are there any other cookie-related laws outside the EU?
It block for notify about anything once. Notify about technical work, changes in anything, etc.
I'm going to implement this.
In order to avoid merge conflicts, could you review (accept/deny) https://github.com/guyasyou/Pure-Cookies-Notice/pull/9 ?
Merged
This (wonderful) addon currently shows a warning and sets a cookie when the user accepts the cookies usage.
By the way, the pages may have some custom code that doesn't show some code (for example, Google Ads stuff) if the cookie is not set. When the user accepts the cookie, we should re-enable the disabled code (Google Ads in this example) in some way. This could be done in various ways:
If it's ok, I can implement those "post-consent" events