
Explicit cookie consent in banner
Open, Needs Triage, Public

Description

I've added four explicit consent checkboxes to the cookie banner:

Four checkboxes for required, preference, statistic and marketing cookies are added to the cookie banner


Those preferences are saved to a 'cookiewarning_preferences' cookie, and to the user options if the user is logged in

Cookie settings are viewable and changeable in the user preferences


Six new config values are added:

  • $wgCookieWarningEnablePreferences
    • Set to true to enable granular choosing of consent for different cookie groups
  • $wgCookieWarningUnsetCookies
    • Unsets all cookies that are not strictly required
  • $wgCookieWarningSetCookiesSessionOnly
    • Instead of unsetting, tries to set all cookies to session only and samesite secure
  • $wgCookieWarningRequiredCookies
    • A list of cookie names that can't be unset
    • Defaults: ["cookiewarning_dismissed", "cookiewarning_preferences", "UserID", "UserName", "Token", "_session", "mwuser-sessionId"]
  • $wgCookieWarningPreferenceCookies
    • A list of cookie names that belong to the preference group
    • Defaults: ["VEE", "forceHTTPS", "thanks-thanked"]
  • $wgCookieWarningStatisticCookies
    • A list of cookie names that belong to the statistic group
  • $wgCookieWarningMarketingCookies
    • A list of cookie names that belong to the marketing group

All cookie groups are based on GDPR: https://gdpr.eu/cookies/

These groups will only have an effect if $wgCookieWarningUnsetCookies is true.

If $wgCookieWarningUnsetCookies is set to true, each cookie name is checked against all four lists; if nothing is found, the cookie is unset.

NOTE: Cookies that are set through JavaScript can still be set, but will be unset on each page load if unset cookies is set to true.

Preferences from the preference cookie are saved in the database after a successful login.

The maintenance script RemoveDismissedState can be used to force the display of the cookie banner.
The maintenance script only removes the UPO that hides the banner, so that the banner with the preference toggles is shown again.

Additionally, five hooks are introduced:

  • CookiePreferencesChangedHook::onPreferencesChanged( array $preferences )
    • This hook is run after the user changed the cookie preferences through the settings menu
  • CookieListRetrieveHook::onCookieListRetrieve( array &$required, array &$preference, array &$statistics, array &$marketing )
    • Allows adding cookie names to the list of allowed cookies, or removing present ones
  • CookieAllowedCheckHook::onCookieAllowedCheck( bool &$allowed, string $cookieName, array $preferences )
    • Run right before deciding if a cookie is allowed
  • mw.hook( 'cookiewarning.dismissed' ).fire( true );
    • Fired when the accept button was clicked in the banner
  • mw.hook( 'cookiewarning.preferences_set' ).fire( preferenceData );
    • Fired after the preference cookie was set

The state of each preference is saved in the user properties:

  • cookiewarning_cookies_required (always true)
  • cookiewarning_cookies_preference
  • cookiewarning_cookies_statistic
  • cookiewarning_cookies_marketing

Related ticket: T249248
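
The unset rule described above, modelled as an added example; this is not the extension's code and is not taken from the patch. It assumes the wiki's cookie prefix (the hypothetical `mywiki`) is stripped before comparison, that names must match a list entry exactly, and that a listed cookie is kept only when its group is consented to; the statistic and marketing names, the `$consent` keys and the function name are constructed for illustration.

```php
<?php
// Model of the rule in the description; not the extension's code.
// The required and preference lists are the defaults quoted on the page;
// the statistic and marketing entries are constructed sample names.
$groups = [
    'required'   => [ 'cookiewarning_dismissed', 'cookiewarning_preferences', 'UserID',
                      'UserName', 'Token', '_session', 'mwuser-sessionId' ],
    'preference' => [ 'VEE', 'forceHTTPS', 'thanks-thanked' ],
    'statistic'  => [ 'example_stats_id' ],   // constructed
    'marketing'  => [ 'example_ad_id' ],      // constructed
];

/**
 * Return the names of the request cookies that would be unset.
 * Assumptions: the wiki's cookie prefix is stripped before comparison, names
 * match exactly, and a listed cookie is kept only if its group is consented to.
 */
function cookiesToUnset( array $cookieNames, array $groups, array $consent, string $prefix ): array {
    $unset = [];
    foreach ( $cookieNames as $name ) {
        $bare = ( $prefix !== '' && strpos( $name, $prefix ) === 0 )
            ? substr( $name, strlen( $prefix ) )
            : $name;
        $group = null;
        foreach ( $groups as $groupName => $list ) {
            if ( in_array( $bare, $list, true ) ) {
                $group = $groupName;
                break;
            }
        }
        // Default deny: a cookie found in none of the four lists is unset.
        // The required group is always allowed, whatever $consent says.
        $allowed = $group === 'required'
            || ( $group !== null && !empty( $consent[$group] ) );
        if ( !$allowed ) {
            $unset[] = $name;
        }
    }
    return $unset;
}

// Constructed request: a visitor who accepted preference cookies only.
$consent = [ 'preference' => true, 'statistic' => false, 'marketing' => false ];
$request = [ 'mywiki_session', 'mywikiUserID', 'VEE',
             'example_stats_id', 'example_ad_id', 'unlisted_tracker' ];
print_r( cookiesToUnset( $request, $groups, $consent, 'mywiki' ) );
```

Because unlisted names are denied by default, any cookie an extension or gadget needs must be added to one of the four lists before $wgCookieWarningUnsetCookies is enabled.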

Event Timeline

Thanks for taking a look at the code. You are very welcome to use developer access to submit the proposed code changes as a Git branch directly into Gerrit which makes it easier for maintainers to review and provide feedback.

Change 674286 had a related patch set uploaded (by Octfx; owner: Octfx):
[mediawiki/extensions/CookieWarning@master] epic: Add cookie preferences to extension

https://gerrit.wikimedia.org/r/674286