Comments (3)
After doing some research, it seems like the way forward is to lose the cookie services and implement a simple solution using https://www.npmjs.com/package/react-cookie-consent.
Preventing the cookies from loading before the user consents is relatively straightforward.
This example prevents anything but the __session cookie - which is something we want.
from trance-stack.
So at the heart of the issue is a trade-off between an easy to maintain cookie consent form and good security.
Seems like the nonce-based CSP is something most consent providers can't deal with, so we need to get creative. I'm tempted to take the brute-force approach and only conditionally render the analytics scripts based on the user's consent. This would potentially mean that the first visit gets missed by Hotjar and Google, but at least we'll be compliant AND XSS-safe.
from trance-stack.
Well, this has blown up big time, but we've figured it out... Here's the conclusion:
https://github.com/meza/trance-stack/blob/main/docs/adr/0013-custom-cookie-consent.md
from trance-stack.