Jump to content

Extension:CookieConsent

From mediawiki.org
MediaWiki extensions manual
CookieConsent
Release status: beta
Implementation User interface
Description Adds a GDPR-compliant cookie warning and preferences dialog
Author(s) Marijn van Wezel (Wikibase Solutions)
Latest version 0.2.0 (2024-11-05)
Compatibility policy Master maintains backward compatibility.
MediaWiki >=1.35.3
PHP >=7.4
Database changes No
License GNU General Public License 2.0 or later
Download
Translate the CookieConsent extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The CookieConsent extension adds a GDPR-compliant cookie warning and preferences dialog, informing users about the wiki's cookie usage and allowing them to choose which categories of cookies to accept.

Usage

[edit]

After installing the CookieConsent extension, it is enabled immediately. However, additional set-up is required to correctly block cookies when no consent has (yet) been given. This can be done either in JavaScript (for cookies set in JavaScript) or in PHP (for cookies set in PHP). CookieConsent provides a number APIs to make this easier.

Blocking scripts from loading

[edit]

Scripts that set cookies can be prevented from loading by setting their type to text/plain. To ensure the scripts are loaded again when consent is granted, you must add the attribute data-cookieconsent containing the names of the categories for which the script needs to be activated again when consent is given for any of the specified categories. The names of these categories correspond to the keys in $wgCookieConsentCategories. For example, to activate a script only when consent for marketing cookies is given, use the following syntax:

<script type="text/plain" data-cookieconsent="marketing">
console.log("Consent for marketing cookies is given.");
</script>

To active a script when consent for either marketing or preference cookies is given, use the following syntax:

<script type="text/plain" data-cookieconsent="marketing,preference">
console.log("Consent for marketing, preference or both cookies is given.");
</script>

Blocking iframes from loading

[edit]

You can block iframes from loading by changing the src attribute to data-src and, similarly to blocking scripts, adding the data-cookieconsent attribute. For example, to load an iframe only when consent for statistics cookies is given, use the following syntax:

<iframe data-src="stats.example.com" data-cookieconsent="statistics" />

window.cookieConsent API

[edit]

CookieConsent provides a number of functions under window.cookieConsent to interact with the consent dialog and check whether consent is given.

window.cookieConsent.openSimpleDialog()
Opens the simple (initial) consent dialog.
window.cookieConsent.openDetailedDialog()
Opens the detailed consent dialog for managing individual categories.
window.cookieConsent.isDimissed()
Whether the dialog has been dismissed before.
window.cookieConsent.isConsentGiven(categoryName)
Whether consent is given for categoryName.

PHP API

[edit]

CookieConsent provides a simple service, CookiePreferences, to programmatically check in PHP whether consent for a cookie category is given. For example:

use MediaWiki\Extension\CookieConsent\CookieConsentService;
use MediaWiki\Extension\CookieConsent\CookiePreferences;

// True if and only if consent for "marketing" cookies is given.
$isGranted = CookieConsentServices::getCookiePreferences()->isConsentGranted( CookiePreferences::COOKIES_MARKETING );

Configuration

[edit]

Configuration parameters

[edit]

The following configuration options are available:

Configuration Default Description
$wgCookieConsentCategories
[
    "preference" => [
        "namemsg" => "cookieconsent-category-name-preference",
        "descriptionmsg" => "cookieconsent-category-desc-preference"
    ],
    "statistics" => [
        "namemsg" => "cookieconsent-category-name-statistics",
        "descriptionmsg" => "cookieconsent-category-desc-statistics"
	],
    "marketing" => [
        "namemsg" => "cookieconsent-category-name-marketing",
        "descriptionmsg" => "cookieconsent-category-desc-marketing"
    ]
]
An associative array containing the cookie categories your wiki uses. This allows the administrator of the wiki to remove categories their wiki does not use, or add additional custom categories. It also allows the administrator to rename categories.

The key of the array is the (internal) name of the category, and the value an associative array containing the name and description of the category as displayed to the user. The array recognizes the following keys:

  • namemsg: The name of the system message containing the name of the category (note: this must be a system message defined by CookieConsent).
  • name: The name of the category.
  • descriptionmsg: The name of the system message containing the description of the category (note: this must be a system message defined by CookieConsent).
  • description: The description of the category.

System messages

[edit]

If you would like to change the text shown in the banner, you can edit the following pages:

  • MediaWiki:Cookieconsent-simple-dialog-content: The content of the dialog shown when the user first opens the wiki.
  • Mediawiki:Cookieconsent-detailed-dialog-intro: The top text shown in the detailed consent dialog.
  • MediaWiki:Cookieconsent-detailed-dialog-outro: The bottom text shown in the detailed consent dialog.
The messages should contain a valid link to a privacy policy to be GDPR-compliant.

Installation

[edit]
  • Download and move the extracted CookieConsent folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/CookieConsent
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'CookieConsent' );
    
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
[edit]

See also

[edit]
  • Extension:CookieWarning - Provides a simpler, less intrusive, but GDPR-incompliant cookie warning at the bottom of the page.