klaro-org / klaro-js

Klaro Privacy Manager. An open-source, privacy-friendly & compliant consent manager for your website.
https://klaro.org

Load required service not until user accept consent #313

Open pdyckerhoff opened 4 years ago

pdyckerhoff commented 4 years ago

Hi there!

First, thx for this nice piece of code :)

My question: Is there a way to load a required service only after the user accepts the consent management modal?

Google Maps is required to use the project I am working on. But I want to load this service, for DSGVO purposes, after the user accepts the consent management. If I configure the service as "required" it will load instantly, no matter if I use a data-src attribute or change other config values for the service.

In my opinion the connection to google (maps) should be coming after the accept action no matter if it is necessary or not.

My compromise solution for the service:

    name: 'googleMaps',
    default: true,
    title: 'Google Maps',
    purposes: ['required'],
    required: false,

and

    mustConsent: true

That's a way the service doesn't load instantly, is selected by default and the consent modal must be accepted before the user can interact with the site, but the user could deactivate Google Maps, and it would be much work to get a fallback message on all areas...

Did I miss something or is my case not supported yet?

pdyckerhoff commented 4 years ago

So a bad question or not supported? I am looking forward to some feedback :)

adewes commented 4 years ago

Hi @pdyckerhoff! We're working on context-based consent for these use cases, I think that should solve your issue. I'll let you know once this makes it into the release (soon).

adewes commented 4 years ago

Hey @pdyckerhoff, contextual consent has now arrived in the open-source & commercial Klaro versions, here's the tutorial:

https://kiprotect.com/docs/klaro/tutorials/contextual_consent

Does that solve your issue?

rogoit commented 4 years ago

Hi @adewes, I also have the problem that I see the Google and Piwik pixel code in the source code on first page load... do I have to handle it in my application backend? This would be a problem, because I would have to add an API and something like this - thx

adewes commented 4 years ago

Hey @rogoit, not sure I understand exactly what you'd like to do. If you have a tracking pixel or script you should change the src attribute to data-src and add a data-name attribute so Klaro knows which elements belong to the given service.

The contextual consent is for embedded functionality like YouTube videos or Google Maps objects.

We will soon offer different consent strategies that will enable Klaro to automatically detect and deactivate trackers and third-party scripts, this strategy does not work completely reliably though due to technical reasons so I'd see it more as an emergency solution for cases where you can't modify your source code. Normally the method of modifying your source code is really best in terms of compliance and privacy friendliness.

rogoit commented 4 years ago

Please check this here. Maybe it's the wrong ticket here: https://github.com/nevercodealone/cms-symfony-sulu/blob/feature/cookie-klaro/templates/partial/analytics.html.twig

When I start the page every pixel is in the source code. In my understanding the Google pixel will not be there when the user does not select Google... or how will I work with this?

adewes commented 4 years ago

Hi @rogoit, thanks for sharing the snippet, I think I understand the problem. The issue seems to be that you add a data-name but you don't add any type to your script. The browser treats scripts without an explicit type as having type application/javascript, hence it executes them directly.

You should add type="text/plain" and data-type="application/javascript" to the script tag, Klaro will then be able to correctly manage the tracker.
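
An added example (not part of the thread and not Klaro's own code): a small Node.js check that scans rendered HTML for script tags that carry a data-name but that the browser would still execute before consent, which is the situation described in the comment above. The sample markup, service names and URLs are constructed, and the function names are hypothetical.

```javascript
// Script types the browser executes directly (a missing or empty type counts).
// Assumption: this short list is enough for the audit; legacy JS MIME types are not covered.
const EXECUTABLE_TYPES = new Set(['', 'module', 'text/javascript', 'application/javascript']);

// Constructed sample markup: two mis-tagged trackers, one correct tag, one first-party script.
const SAMPLE_HTML = `
<script data-name="googleAnalytics" async src="https://analytics.example/ga.js"></script>
<script data-name="matomo">var _paq = [];</script>
<script type="text/plain" data-type="application/javascript"
        data-name="googleMaps" data-src="https://maps.example/api.js"></script>
<script src="/assets/app.js"></script>
`;

// Parse the attributes of one opening <script ...> tag into a lower-cased key/value map.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<script\b/i, '').replace(/>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per script that is assigned to a service (data-name)
// but is not tagged the way the thread recommends.
// Limitation: the tag regex assumes no '>' inside attribute values.
function auditManagedScripts(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const a = parseAttributes(tag);
    if (!('data-name' in a)) continue; // not assigned to a consent-managed service
    const problems = [];
    const type = (a.type || '').trim().toLowerCase();
    if (EXECUTABLE_TYPES.has(type)) problems.push('executable type');
    if ('src' in a) problems.push('src instead of data-src');
    if (problems.length > 0) findings.push({ service: a['data-name'], problems });
  }
  return findings;
}

console.log(JSON.stringify(auditManagedScripts(SAMPLE_HTML), null, 2));
```

Run against the page as served to a first-time visitor, an empty result means every script assigned to a service is inert until the consent manager activates it.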

pdyckerhoff commented 4 years ago

> Hey @pdyckerhoff, contextual consent has now arrived in the open-source & commercial Klaro versions, here's the tutorial:
>
> https://kiprotect.com/docs/klaro/tutorials/contextual_consent
>
> Does that solve your issue?

Yes and no :) Contextual consent is really a good feature for embedded YouTube videos, where a double click is needed. My intention was: make a service required but still don't load it until the user accepts this (mustConsent: true).

This would be my idea/condition for the solution:

If a service has required=true and the general config has mustConsent: true = data-src isn't replaced until the user accepts it. The button in the popover is still disabled (can't be turned off).

Still, thanks for your work ;)

adewes commented 4 years ago

Hi @pdyckerhoff, I think we have different ideas about what a required service is: For us, it's a service without which the website won't function correctly (e.g. an e-commerce software that uses cookies to store your session ID), so it can never be toggled off (as this would break the website) and is shown in Klaro only for informational purposes.

In general, no services will be loaded until the user gives consent, this is true for both the normal consent flow as well as the forced flow (mustConsent=true). In addition, we support an "accept all" flow that will toggle all services on automatically. Alternatively, you can choose which services you want to be pre-selected in the modal (by setting default=True), those services will then be enabled when the user clicks on OK in the notice or the modal.

So in your case I'd set default:true and acceptAll:false globally and then set default:false for the services that you don't want to be enabled automatically when the user clicks on OK (you can then enable them via a different mechanism).

rogoit commented 4 years ago

...it's still in the source code. Maybe we can just add placeholders to the HTML and then when the user selects and presses the accept button it will be fired to the DOM. But I do not know how to add the pixel to reload or new page HTML or it comes every time from JS on load

rogoit commented 4 years ago

...repo pushed ;)

ZhuravlevaS commented 2 years ago

I have a similar problem. I have a tool that is required, but it is loaded before the user has accepted the consent. The value mustConsent is set to true, but the tool is loading anyway. I do not understand this logic and I have found the commit that changed the behavior: https://github.com/kiprotect/klaro/commit/0409098b132081a63ad1a6bf10a25b60840f061b. As I understand it, there was already the variable optOut to manage this case.

svkmedia commented 1 year ago

@adewes I agree with @pdyckerhoff. I don't think that if something is required it needs to load automatically on page load. Imagine your site is using reCAPTCHA, which is necessary for all the forms. It means reCAPTCHA is required. But when a visitor visits your page and he doesn't agree with using reCAPTCHA, he doesn't have a chance to leave the website without loading reCAPTCHA because it was already loaded. I have the same issue with your package so I will need to search for a different alternative.

rogoit commented 1 year ago

...let's do this together, feel free to contact me ;)