/gdpr-cookie

A jQuery plugin to manage cookie settings in compliance with EU law

Primary LanguageJavaScriptMIT LicenseMIT

GDPR 🍪 jQuery plugin

Inspired by ihaveacookie.

A jQuery plugin that displays a GDPR-compliant cookie consent message as required by EU regulation. The plugin displays a message when a visitor first visits your website and, by default, again 30 days after their last visit.

GDPR-cookie in action

The visitor must click the accept button in order for consent to be granted, as is required by EU regulation. No cookie set means no consent, which means your site is only allowed to set essential cookies.

Installation

Several ways to obtain this plugin.

Plain download

You can download a release or an archive and place it where you want in your project.

NPM

Install via NPM:

npm i gdpr-cookie

Yarn

Install via Yarn:

yarn add gdpr-cookie

Bower

Install via Bower:

bower install gdpr-cookie

Meteor

Install via Meteor:

meteor add thany:gdpr-cookie

Usage

If your site already uses jQuery, make sure it's at version 1.7.4 or later. jQuery 2.x and 3.x will also work fine. Not using jQuery yet? Download jQuery and choose whichever method suits you best to include it on your site.

Download the latest version of gdpr-cookie and place it in your html, like so:

<script src=/path/to/gdpr-cookie.js></script>

You can also use AMD or CommonJS, which makes it easier to choose and use a packager like Webpack or Rollup to bundle your stuff.

After that you can initialize the script like so:

$.gdprcookie.init();

This will give you the default options.

Styling

The plugin by itself does not do any styling. You are responsible for making the popup look good. It's going to look different on each website anyway, but if you need some sort of starting point, you could have a look at gdpr-cookie.css which is also included when you download this plugin.

Settings

Settings can be added in two ways. One way is 'the jQuery way' by passing it into the plugin call, like so:

$.gdprcookie.init({
    title: "...",
    message: "..."
    // etc.
});

Alternatively, you can put the settings in a global variable. This is useful when a server outputs these texts, e.g. for globalization/internationalization purposes. This way you can keep the main plugin call in your separate javascript file. Works like this:

<script>
    window.GdprCookieSettings = {
        title: "...",
        message: "..."
        // etc.
    };
</script>

You can also combine the two, to keep functional settings separate from localization.

title

The title that will be rendered at the very start of the popup. It'll be rendered as a <h1> tag. No html is allowed. Default is "Cookies & privacy".

subtitle

The title that will be rendered above the checkboxes after pressing the customize button. It'll be rendered as a <h2> tag. No html is allowed. Default is "Select cookies to accept".

message

A passage of text that can serve as an introduction and a means to include a link to your privacy policy. Html is allowed. Default is a long text. You'll want to set this option for sure.

delay

A delay in milliseconds to wait until displaying the popup after the page has loaded (meaning the DOMContentReady event, a.k.a. jQuery's document-ready). This delay is not applied when manually displaying the popup. You can supply a value of 0 to disable any delay. The default is 2000.

expires

The time in days for the cookie expiry. This means the cookie that remembers what the visitor has chosen. Cookies you set, are unaffected. Default is 30 days.

cookieName

The name of the cookie to write to. Any characters forbidden in a cookie name (as per the specification) will automatically be removed. Default is "cookieControlPrefs".

acceptReload

Whether or not to reload the page after the user presses the accept button. Default is false.

acceptBtnLabel

Label for the accept button. No html is allowed. Default is "Accept cookies".

advancedBtnLabel

Label for the customize button. No html is allowed. Default is "Customize cookies".

customShowMessage

Callback function for when to show the popup, if you're not satisfied with the default fadeIn.

customHideMessage

Callback function for when to hide the popup, if you're not satisfied with the default fadeOut. If you supply this callback, you are responsible for removing the popup from the DOM!

customShowChecks

Callback function for when to show the checkboxes, if you're not satisfied with the default slideDown.

cookieTypes

An array of objects containing the types of cookies you need to specify. Each object has three properties:

type - A title to show on the label next to the checkbox.
value - A unique name for the type of cookie (e.g. "essential", "marketing", etc).
description - An optional description that will be rendered in the title attribute of the correcponding <label>. checked - A boolean determining if the cookie type is checked by default.

Events

A set of events are available that will be triggered on the <body> element. And you can catch them for some extra control, logging, or customization.

You can use them as follows:

$("body").on(eventName, function() {
    // Do something...
});

gdpr:show

Triggered when the popup is shown. Either manually or on page load.

gdpr:accept

Triggered when the visitor presses the accept button.

gdpr:advanced

Triggered when the visitor presses the customize button.

Methods

The following methods exist for some extra control.

$.gdprcookie.preference()

Returns an array of values, which are the ones specified in settings.cookieTypes, that the visitor has chosen to accept. This array is empty when the visitor hasn't pressed the accept button yet.

$.gdprcookie.display()

Manually displays the popup, e.g. for visitors to change their preferences. It's considered good practice to include a link to this somewhere on your site.

Cookie

When the visitor presses the accept button, the cookie cookieControlPrefs (name can be customized) will contain an array of accepted cookie types e.g. ["preferences", "analytics"]. This will enable you to perform additional checks where necessary within your application with regard to GDPR regulations. These cookies are accessible by the server as well, enabling you to choose whether or not to render certain passages of code that do or don't comply with the visitor's preferences.

Conditionally render

One of the things you'll want to do, is conditionally render passages of html that do or don't comply with the visitor's preferences. I'd advice you to completely omit the html that doesn't comply, to make sure nothing of it gets loaded.

Here's one way to do it in pure javascript:

<script>if ($.gdprcookie.preference("marketing")) { document.write(`

    Some marketing html goes here

`); }</script>

However, since they are usually <script> tags, the end-tag of it needs to be escaped to something like </${''}script>. So it becomes:

<script>if ($.gdprcookie.preference("marketing")) { document.write(`

    <script>// Some marketing script goes here</${''}script>

`); }</script>

This uses template literals (note the ` backticks) to easily conditionally render multiple lines of html. Template strings are unavailable on Internet Explorer (but they are on Edge!).

With IE support

An alternative way is to use non-standard multi-line strings. When doing this, take note of which quote characters your marketing script contains, and don't use those. It might become something like this:

<script>if ($.gdprcookie.preference("marketing")) { document.write("\
\
    <script>// Some marketing script goes here</"+"script>\
\
"); }</script>

As you can see, this requires a \ at the end of each line, including empty lines. It also still requires </script> to be escaped to </"+"script> (or </'+'script>). Less comfortable and not in compliance with any ECMAScript standard, but at least this will work on Internet Explorer.

Frameworks

If you're using a frontend template framework, you're better off using that. There are many such frameworks, and each has its own way to conditionally outputting html. Not all support outputting <script> tags, but some do it just fine.

On the server

The best way to conditionally render a passage of html, is to do it on the server. That's what it does best. So, to take a random popular serverside scripting language, it might become something like this:

<?php if (gdpr_cookie_set('marketing')): ?>

    <script>// Some marketing script goes here</script>

<?php endif; ?>

It looks a lot cleaner. And it is. Other languages and other serverside template frameworks can do this in similar ways. Also, please note that the above function gdpr_cookie_set doesn't actually exist. You'll have to build something in your serverside script to check these cookies.

Changelog

See Changelog.

License

This plugin is available under the MIT license.

Credit

Credit where credit is due: this plugin is heavily inspired on ihavecookies by Ketan Mistry. I chose not to fork because of the heavy modifications I was planning to do.