search

justinribeiro / lite-youtube

The fastest little YouTube web component on this side of the internet. The shadow dom web component version of Paul's lite-youtube-embed.
https://www.npmjs.com/package/@justinribeiro/lite-youtube
MIT License
836 stars 63 forks source link

lite-youtube <-> prevent Cookie/Local storage if user selects "Deny" from Consent Management System Modal || EU GDPR #103

Closed Sidhantp12 closed 5 days ago

Sidhantp12 commented 3 months ago

I see, there is a basic setting here to add "nocookie" attr for using the src as youtube-nocookie.com while using lite-youtube for embedding.

image

While using the src as "youtube-nocookie.com" doesn't prevent all the cookie/local storage (see -> https://forum.ghost.org/t/howto-lightweight-youtube-embed-without-cookies/35350), which is still illegal according to EU GDPR. hence is there any way for customers like us who is using your lite-youtube embedding feature to have new consent related parameters, which would respect the website user's consent and prevent setting up cookie/local storage.

Something like this -> https://support.cookiebot.com/hc/en-us/articles/360003790854-Iframe-cookie-consent-with-YouTube-example.

We are currently using cookiebot as our CMS.

justinribeiro commented 3 months ago

While using the src as "youtube-nocookie.com" doesn't prevent all the cookie/local storage (see -> https://forum.ghost.org/t/howto-lightweight-youtube-embed-without-cookies/35350), which is still illegal according to EU GDPR. hence is there any way for customers like us who is using your lite-youtube embedding feature to have new consent related parameters, which would respect the website user's consent and prevent setting up cookie/local storage.

Correct; the nocookie attribute isn't for GDPR support and never was from YouTube's standpoint. It's only for their "Privacy-Enhanced Mode" which still uses cookies behind the scene, but doesn't track/personalize against the known YouTube user.

prevent Cookie/Local storage if user selects "Deny" from Consent Management System Modal || EU GDPR

Because the iframe is lazy-loaded, you could do this a number of ways without any changes to lite-youtube. For example, you can put your own cookie acceptance in front before loading the web component. Basically, something to the extent of:

<script type="module">
const myConsentAcceptButton = document.querySelector('#myconsentacceptbutton');

myConsentButton.addEventListener('click', async () => {
  // great, consent, load the module
  await import('lite-youtube.js');
}, { once: true });
</script>

<lite-youtube>
  <!-- lightdom is replaced once imported -->
  <button id="myconsentacceptbutton">I accept the cookies to watch this video</button>
</lite-youtube>

In terms of preventing the setting of cookies, I can't make that happen, as I don't control YouTube to that extent that would change the underlying behavior of the iframe that is injected.