[Koha-bugs] [Bug 27378] Enable compliance with EU Cookie Legislation via cookie consent

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Jul 11 19:01:31 CEST 2023 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27378

--- Comment #157 from Matt Blenkinsop <matt.blenkinsop at ptfs-europe.com> ---
(In reply to Katrin Fischer from comment #143)
> Overall this is mostly small stuff, apart from 9) maybe!
> 
> We'll also need some good documetnation, but the test plan in comment 121 is
> a good start.
> 
> 1) Perltidy
> 
> Should we perltidy the new files at least? 

I've run perltidy for JSConsents.pm.

> 
> 2) System preferences - sysprefs.sql
> 
> sysprefs.sql is supposed to be alphabetic (being a librarian, this is not
> acceptable! ;) )

Fixed :)

> 
>  ('ConfirmFutureHolds','0',...
> +('CookieConsentedJS', '', NULL, 'Add ...
>  ('ConsiderOnSiteCheckoutsAsNormalCheckouts',...
>  ('ContentWarningField', '',...
> +('CookieConsent', '0', NULL...
> 
> 3) System preferences - YAML
> 
> a)
> +         - pref: CookieConsent
> +           choices:
> +               yes: Require
> +               no: "Don't require"
> +         - cookie consent to be displayed
> 
> Should be 1 and 0. (blocker)

Fixed

> Should we rephrase a bit?

Re-written as per below

> ... cookie consent to be displayed in the OPAC and staff interface.
> 
> Question: Could it be interesting to make this OPAC only in the future?
> 
> b) Add Javascript code that will run if cookie consent is provided (e.g.
> tracking code).
> 
> Should we rephrase this a little?

Re-phrased as per below

> Run the following JavaScript if cookie consent was provided (e.g. tracking
> code):
> 
> 
> 3) Add to cookie documentation please 
> 
> https://wiki.koha-community.org/wiki/Use_of_Cookies 
> 
> For OPAC and staff interface.

Done

> 
> 4) Translatability (blocker)
> 
>           '    <a class="consentDelete" data-target="' + id + '"
> href="#">Delete</a>' +

Fixed 

> 
> 5) Test plan and comments
> 
> Giving that this is an old development there are quite some inconsistencies
> in what is the final product and what is mentioned in the commit messages.
> Like we started out with 4 prefs and now 2 are HTML customizations. Some
> squashing and clean-up could be really helpful I think.
> 
> But: great updated test plan in comment 121 !

I've squashed the original commits into one to remove the confusing messages.
I've also consolidated the accessibility fixes into one commit and combined a
couple of other similar commits to try and prevent duplication


> 
> 6) Display issues
> 
> a) In the OPAC, the cookie banner overlaps and blocks access to the language
> selection at the bottom. If you have them at the top too, that's ok, but
> some libraries prefer one over the other ( OpacLangSelectorMode  = only
> footer ).

Fixed - it will now sit above the language selection when visible

> 
> b) In the staff interface we have the language chooser in front, cutting off
> a bit of the "Accept all cookies" button.

Fixed as per above solution

> 
> c) In the OPAC readability (font color and size) is good, but in the staff
> interface it's much less readable. 

It currently just uses the default bootstrap class as in the rest of Koha,
could this be a problem elsewhere?

> 
> 
> 7) Patron account  
> 
> a) It doesn't appear to be possible to revoke the general cookie consent?

Do you mean consent to all cookies including for example the session id? Giving
this option could lead to issues with using Koha, we would probably need to be
specific about which cookies this would delete

> 
> b) The contrast on the yellow "Accept selected non-essential" cookies seems
> bad (greyish font color on yellow background)

It currently just uses the default bootstrap class as in the rest of Koha,
could this be a problem elsewhere?

> 
> c) Should the button read "View and update..."?
> 
> d) I cannot close/cancel the modal without making a change. Clicking
> outside, pressing ESC, nothing works. We shoudl have a "Cancel" link. This
> is also true when using the "your cookies" link for a non-authenticated user.

I've added a cancel button that now closes the modal

> 
> 
> 8) Visibility OPAC/staff 
> 
> a) I checked one of the cookies for only OPAC and one only for staff
> interface. I still see all 3 cookies in the pop-up in both OPAC and staff
> after clearing local storage.
> 
> b) This might be related: test2 is my "staff only" cookie. It's unchecked in
> the view, but it still gets added every time I refresh any OPAC page.
> Same for my "opac only" cookie: it's always added in staff interface on page
> reload.

For points A and B I've added some filtering into the call for the cookies
code. This was missing previously so all cookies were being provided to both
the OPAC and the staff client. This should now be fixed
> 
> c) Where can staff view and alter their cookie consents?

I've added a "My Consents" option under the user menu dropdown in the top right
hand corner. This opens the modal and allows staff to review their consents


Hopefully I've addressed everything, let me know if there are any further
comments!

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list