-
Notifications
You must be signed in to change notification settings - Fork 418
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[#2718] Migrate cookie consent from Klaro to Orejime #3199
base: main
Are you sure you want to change the base?
Conversation
Hi @AndreaBarbasso, I tried to test the PR but was unsuccessfull. Maybe there is something I missed. I test through Docker. When I click on "Cookie settings" in the footer, the pop up is not display and the page "frozes" (cannot be scrolled anymore), and an error occurs: |
Hi @AndreaBarbasso, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@AndreaBarbasso : We gave this a group code review in today's Developers Meeting. Overall, the changes here look reasonable. The PR needs a rebase though as it's still using yarn
and we've recently switched to npm
(see #3173 )...so the yarn.lock
no longer exists.
I think this may need more testing though to see what happens if a site sets enablePrivacyStatement: false
in their config.yml. It appears this code is now ignoring that setting...which seems like it could be a bug (as the privacy statement itself will return a 404 when that is set to false
). We may need to determine if there's a way to still support enablePrivacyStatement: false
with Orejime.
*/ | ||
initialize() { | ||
if (!environment.info.enablePrivacyStatement) { | ||
delete this.klaroConfig.privacyPolicy; | ||
this.klaroConfig.translations.zz.consentNotice.description = 'cookies.consent.content-notice.description.no-privacy'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be removing the ability to disable the Privacy Statement in DSpace. See the docs at https://wiki.lyrasis.org/display/DSDOC7x/User+Interface+Configuration#UserInterfaceConfiguration-Toggleend-useragreementandprivacypolicy
What happens if someone tries to use this PR when enablePrivacyStatement: false
is set in your config.prod.yml?
"cookies.consent.app.disable-all.description": "Use this switch to enable or disable all services.", | ||
|
||
"cookies.consent.app.disable-all.title": "Enable or disable all services", | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a note for other developers. Initially, the removal of all these keys from json5 files looked confusing to me. But, I see that you are removing keys that are no longer used in Orejime. So, I think this cleanup is correct.
this was happening because of hidden apps not being removed from category arrays.
@pilasou, I managed to solve the problem you encountered. It was happening if a cookie category referenced (by name) at least one app that had been removed from the app list. Thanks! @tdonohue, I managed to keep the current behavior regarding the Right now, we have another situation going on. Quoting the Orejime docs:
So, in a case like the one we can see on the sandbox (where all cookies are mandatory), Orejime will not show any cookie notice on the bottom right corner of the page. What I can see as possible options, right now, are:
Any other idea on how to proceed on this issue? |
Hi @AndreaBarbasso, just want to mentionned that I retested the cookies consent and it works as described. The cookie setting window does not show by default as all default cookies are mandatory. I can display the window by clicking the Cookies setting link in the page footer as shown below: All toogles are on by default and cannot be changed, |
@AndreaBarbasso : We discussed this in today's Developer Meeting. Those in attendance believe that Orejime's default behavior should be GDPR compliant. In other words, users need to only be notified if there are non-mandatory cookies. So, this PR's current behavior sounds like it should be OK. One final note. It appears this PR is currently failing some tests/specs |
References
Description
Migrated the cookie consent functionality from Klaro to Orejime, because of better accessibility and maintenance.
Instructions for Reviewers
All references to Klaro have been renamed to Orejime. Klaro has been removed from the
package.json
file and its config has been modified to be accepted by Orejime (which needs a similar, but not quite the same, config file).Since Orejime needs a URL for the privacy policy, this is now mandatory.
Orejime does not allow raw HTML as text, so the i18n files have been changed accordingly.
Orejime has less strings than Klaro, so a lot of i18n strings are now obsolete and have been removed.
List of changes in this PR:
To review this PR. try to use the Orejime's cookie banner as if it was the Klaro's one. Remember to add a cookie to the configuration in order to test the banner when there is a new cookie to accept/decline.
Checklist
This checklist provides a reminder of what we are going to look for when reviewing your PR. You do not need to complete this checklist prior creating your PR (draft PRs are always welcome).
However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!
main
branch of code (unless it is a backport or is fixing an issue specific to an older branch).yarn lint
yarn check-circ-deps
)package.json
), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.