I've added four explicit consent checkboxes to the cookie banner:
Four checkboxes for required, preference, statistic and marketing cookies are added to the cookie banner
Those preferences are saved to a 'cookiewarning_preferences' cookie, and to the user options if the user is logged in
Cookie settings are viewable and changeable in the user preferences
Six new config values are added:
- $wgCookieWarningEnablePreferences
- Set to true to enable granular choosing of consent for different cookie groups
- $wgCookieWarningUnsetCookies
- Unsets all cookies that are not strictly required
- $wgCookieWarningSetCookiesSessionOnly
- Instead of unsetting, tries to set all cookies to session only and samesite secure
- $wgCookieWarningRequiredCookies
- A list of cookie names that can't be unset
- Defaults: ["cookiewarning_dismissed", "cookiewarning_preferences", "UserID", "UserName", "Token", "_session", "mwuser-sessionId"]
- $wgCookieWarningPreferenceCookies
- A list of cookie names that belong to the preference group
- Defaults: ["VEE", "forceHTTPS", "thanks-thanked"]
- $wgCookieWarningStatisticCookies
- A list of cookie names that belong to the statistic group
- $wgCookieWarningMarketingCookies
- A list of cookie names that belong to the marketing group
All cookie groups are based on GDPR: https://gdpr.eu/cookies/
These groups will only have an effect if $wgCookieWarningUnsetCookies is true.
If $wgCookieWarningUnsetCookies is set to true, each cookie name is checked against all four lists, if nothing was found, the cookie is unset.
Preferences from the preference cookie are saved in the database after a successful login
The maintenance script RemoveDismissedState can be used to force the display of the cookiebanner.
The maintenance script only removes the UPO that hides the banner, so that the banner with the preference toggles is shown again
Additionally five hooks are introduced:
- CookiePreferencesChangedHook::onPreferencesChanged( array $preferences )
- This hook is run after the user changed the cookie preferences through the settings menu
- CookieListRetrieveHook::onCookieListRetrieve( array &$required, array &$preference, array &$statistics, array &$marketing )
- Allows to add cookie names to the list of allowed cookies, or to remove present ones
- CookieAllowedCheckHook::onCookieAllowedCheck( bool &$allowed, string $cookieName, array $preferences )
- Run right before deciding if a cookie is allowed
- mw.hook( 'cookiewarning.dismissed' ).fire( true );
- Fired when the accept button was clicked in the banner
- mw.hook( 'cookiewarning.preferences_set' ).fire( preferenceData );
- Fired after the preference cookie was set
The state of each preference is saved in the user properties:
- cookiewarning_cookies_required (always true)
- cookiewarning_cookies_preference
- cookiewarning_cookies_statistic
- cookiewarning_cookies_marketing
Related ticket: T249248