canonical / cookie-policy Goto Github PK

Summary

• Fire up Safari on El Capitan (or Browserstack) and open site on Safari v9
• Reduce screen resolution to small screen
• Refresh screen
• Cookie banner function is breaking global nav
• See (3rd error in console):

This module loads the entire base styles from vanilla (vf-base) which includes the embed of a number of fonts. This is bloating sites and should not include fonts but us the parent sites font.

The consent banner currently auto-hides after some time. This behavior needs to be changed according to new guidelines:

https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf

Please update Cookie policy - cn from the copy doc

Could we create a Chinese language version of the policy (also Japanese)?

Change the expiration of the cookie from a day to a year.

There is quite a lot of unnecessary grid related CSS in built file (like: [grid-demo] [class*="col-"]{background:#cdcdcd;margin-bottom:1rem} ...) leaking from Vanilla.

It was already fixed in Vanilla itself, so quite likely rebuilding with newer version should fix that.

Summary

The cookie UI isn't very usable on iOS Safari

Current and expected result

When the user scrolls down and attempts to tap the 'save preferences' button, the app thinks the user is trying to use the bottom bar of Safari and blocks the tap.

Screenshot

Browser details

iOS (latest stable) Safari (latest stable).

cookie-policy project seems to still be using CircleCI for building and checking PRs.
Most of our projects were migrated to GH Actions already.

In version 2.x we set the cookie to the value of "true" when accepting the cookie policy. With the new regulations, we need to force users to re-review the new options. Therefore simply checking the existence of the cookie does not suffice.

Cookies with the value of "true" should also invoke the cookie policy notification.

At the moment we have accept and manage we should add a quick button to reject cookies.

Either remove the href from the button or turn it into a a in the README.

We do this https://github.com/canonical-web-and-design/cookie-policy/search?q=aria-hidden
and https://web.dev/measure/ is complaining about it.

We should tie the notification pattern to Vanilla framework instead of copying the pattern in. This will help maintain the styling in the future.

When used in the jaas.ai project the styles included by cookie-policy.scss contain generic classes and are overriding the styles for p tags etc.

See: canonical/jaas.ai#250 and my fix here: https://github.com/canonical-web-and-design/jaas.ai/pull/260/files

The current cookie policy would be improved by making it a web component, removing problems of local styles on the site effecting the display of the cookie policy.

This would also mitigate the problem of mismatched Vanilla Framework versions - for example in #14

Please convert this project to a Web component project. Using Shadow Dom to encapsulate the markup and scoped styles and is. Create a custom element taking some customising attr.

Update the usage documentation.

Bump a major version.

We might want to remove any form of analytics on the data-privacy page since the cookie policy links to this page if I didn't accept yet the tracking.

The text should either flow to the full width or the container shouldn't be as wide.

Maybe there's a reason, if so please ignore this, but...

Wouldn't it be better to make the dialog cover the content underneath? As it stand it leaves a couple of characters visible on one side (in this particular example) and looks strange. Also the hr extends further to the right so the dialog feels off center (due to differences in padding on the sidenav and main content I assume).

cookie-policy includes it's own version of Vanilla and builds its own separate stylesheet with it.
When used in a project that also has Vanilla this means there are 2 Vanilla stylesheets on one website. This can cause issues when these versions don't match.

This happened recently with (fairly unnoticable) issue with modal spacing:

Caused by the fact that cookie-policy is using older version of Vanilla than the websites.
The issue above will be fixed by merging renovate PR #127, but renovate only updates cookie-policy once a month, so this leaves quite a large window of possibly broken experience.

Ideally cookie-policy should not include its own version of Vanilla and rely on version in the project.

We could also update renovate config here to make sure Vanilla is updated immediately when released.

Cookie “_cookies_accepted” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

The background scroll lock is not always working and I believe the following steps should fix it:

1. The scroll-lock class should set the height and width of the body to the height and width of the viewport
2. The default dialog style should be overwritten. Currently it is not and it appends a square to the end of the page
   

This issue provides visibility into Renovate updates and their statuses. Learn more

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update all dependencies (@babel/core, @babel/preset-env, circleci/node, eslint, rollup, sass, stylelint, stylelint-config-standard, stylelint-order, vanilla-framework)

• Check this box to trigger a request for Renovate to run again on this repository

We should update the path when setting a cookie to root so the cookie is scoped to the entire site.

This would mean users can just install the package, call it and be done.

Add the ability to set a number of seconds before the notification self destructs.

There were significant changes to patterns used in the cookie policy in V1.8.0 of Vanilla Framework. The dependency should be updated to reduce problems when using the plugin on sites with newer versions of VF.

Can we change the initial page 'Your tracker settings' to open like the second page does, as a non-dismisable, screen centred modal with the background greyed out.

Hopefully this will get more users to acknowledge the policy.

It was pointed out that it would be better for people that want to decline cookies. If they could set that from the notice instead of coding manage and scrolling all the way down.

It'd be nice to create an example flask project, similar to the ones we usually have, to test that this package works.

This way, we could also include github actions to test dependency updates

Now it is published manually: https://www.npmjs.com/package/cookie-policy

When you visit a site that has the cookie policy modal displayed you should be able to tab to the buttons and action them with your keyboard. Currently you have to tab through the whole document behind the modal before the focus eventually gets to the modal buttons.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

The essential selection is not saved anymore. This means people see the colour policy every page visit.

To Reproduce

1. Visit ubuntu.com clear your cookies and refresh.
2. Click manage cookie preferences.
3. Do not select any and save so accepting essential cookie.
4. Refresh the page and see the colour policy appears again.
5. Check there is no _accept_cookie cookie set.

Expected

1. Accepting no extra policy should set the cookie to the value of essential