New Cookies banner #2411
New Cookies banner #2411
Conversation
luisramos0
force-pushed
the
cookies_banner
branch
6 times, most recently
from
9b45b42 to
195ba5e
Compare
| @@ -28,7 +28,7 @@ dialog, .reveal-modal { | |||
| // Medium and up - when modal IS NOT full screen | |||
| @media only screen and (min-width: 641px) { | |||
| top: 10%; | |||
| max-height: 120%; | |||
| max-height: 100%; | |||
There was a problem hiding this comment.
@mkllnk sorry, I forgot to explain this one!
I changed it to 100% so that the modal is never outside the viewport. Allowing a height over 100% makes content go outside the viewport without scrollbars...
Thanks for the reference to #2055! I have just tested the registration process with this new value and it looks good according to my tests.
@HugsDaniel does this make sense to you? I see your comment here: #2055 (comment)
Why would you ever let max-height be bigger than 100%? That means you remove scroll bars and the content will not show. I think 100% is always the correct value, so that if the content doesn't fit, you get the scroll bars. That's how all modals should work. Is there an example where you think this 100% value will not work?
Thanks!
There was a problem hiding this comment.
I thought that the modal may be bigger than the screen, but then there will be scrollbars for the whole screen, not the model. And you can still scroll down. That avoids scroll bars within the modal which could be a double up (scroll screen + scroll modal) and look odd. But I'm actually not that familiar with the issue. There definitely needs to be a way of scrolling.
There was a problem hiding this comment.
I see. Well, I have retested the registration process and it looks good with max-height 100%: it makes the modal scroll, not the screen. I think this is fine. But lets wait for someone else's feedback.
Thanks!
There was a problem hiding this comment.
We'll see when we test but my experience of cookies banner is that you can scroll the page behind it but it doesn't scroll the modal. But for the registration process on modal you will definitely need to scroll as some modal pages have too many info to fit on small mobile screens... anyway I don't get the technical side so happy to see when we test what it looks like :-)
There was a problem hiding this comment.
Referencing PR #2544.
In summary, I discovered that there were issues with the JS modal library (angular-bootstrap) and the styles we are using:
- The 10px space at the top is actually intended to be 10% in the styles. The JS library is just treating it as px, I don't know if by design.
- There is a race condition between the -25% animation of the modal and
focus()in the JS library which causes the page to scroll up (if still possible). - Offset from the top plus the height of the modal (on any screen size) should not exceed 100%, or else some content could be hidden. The change of @luisramos0 decreasing
max-heightfor large screens from 120% to 100% is a big improvement. Fix top position, height, and scrolling with modals #2544 also addresses the lack ofmax-heightfor small screens.
I see that this is already merged. Maybe we can move discussion of the modal dimensions to #2544? I've just rebased it upon the updated master. I'll see how it affects the cookies policy modal, and also check #1766.
| @@ -0,0 +1,89 @@ | |||
| %h2 | |||
There was a problem hiding this comment.
When you introduce new user interfaces, it's helpful to add some screenshots to your pull request.
There was a problem hiding this comment.
Yes, I have now added links to the screenshots as a comment to this PR.
There was a problem hiding this comment.
yes, that makes sense. I have added links to all the screenshots below as a comment to this PR.
There was a problem hiding this comment.
Okay, I added that to the test steps of your PR description.
config/locales/en.yml
Outdated
| @@ -1270,8 +1270,33 @@ en: | |||
| footer_legal_tos: "Terms and conditions" | |||
| footer_legal_visit: "Find us on" | |||
| footer_legal_text_html: "Open Food Network is a free and open source software platform. Our content is licensed with %{content_license} and our code with %{code_license}." | |||
|
|
|||
| footer_legal_data_text: "We take good care of your data." | |||
| footer_legal_data_call: "See our" | |||
There was a problem hiding this comment.
I see why you split the text, but it makes it hard for translators to get the context. Depending on the grammar of the language, the link may also not be at the end of the sentence. I would do it like footer_legal_text_html:
footer_legal_data_statement_html: "We take good care of your data. See our %{cookies_policy}."There was a problem hiding this comment.
It would also be nice to refactor these translations to use lazy lookup. I know, you went with the existing structure and that's fine. But it's even better when we can do a bit of refactoring on the way and improve the code that touching the new things we want to build.
There was a problem hiding this comment.
I did it this way because, on the same sentence, there is a conditional. We have to display privacy URL if it is configured in the BO.
See footer_legal_data_privacy_policy here: 1e3b67d
With this in mind, I am not sure I can do what you suggest (in the requirements the privacy policy URL comes before the cookies policy in the sentence). Do you understand?
There was a problem hiding this comment.
In terms of lazy lookup, do you mean to move all footer translations (the ones from line 1223 on en.yml to line 1254) into the "shared" subfolder on en.yml (line 1077)? I think that's what you mean. Please confirm I'll do it.
There was a problem hiding this comment.
Maybe you could have both sentences in full as separate keys, and show either one based on the conditional instead of a split sentence.
There was a problem hiding this comment.
Yes, I think having both versions in full sentences is the best option.
There was a problem hiding this comment.
thanks for your feedback!
Agreed, I have made it 2 versions with the full sentence. Please have a look at the new version.
config/locales/en.yml
Outdated
| cookie_stripe_desc: "Data collected by our payment processor Stripe for fraud detection https://stripe.com/cookies-policy/legal. Not all shops use Stripe as a payment method but it is a good practice to prevent fraud to apply it to all pages. Stripe probably build a picture of which of our pages usually interact with their API and then flag anything unusual. So setting the Stripe cookie has a broader function than simply the provision of a payment method to a user. Removing it could affect the security of the service itself. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy." | ||
| disabling_cookies_header: "Warning on disabling cookies" | ||
| disabling_cookies_desc: "As a user you can always allow, block or delete Open Food Network’s or any other website cookies whenever you want to through your browser’s setting control. Each browser has a different operative. Here are the links:" | ||
| disabling_cookies_firefox_link: "http://support.mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-que-los-sitios-we" |
There was a problem hiding this comment.
These are Spanish links in an English translation file?
There was a problem hiding this comment.
I have copied those from the feature specification... I have changes the urls to english ones now.
app/views/shared/_footer.html.haml
Outdated
| @@ -143,7 +143,11 @@ | |||
| %div | |||
| = t :footer_legal_data_text | |||
| = t :footer_legal_data_call | |||
| %a{'cookies-policy-modal'=> true, 'cookies-banner'=> @show_cookies_banner} | |||
| - if "#{Spree::Config.privacy_policy_url}" != "" | |||
There was a problem hiding this comment.
Why not - if Spree::Config.privacy_policy_url.present??
There was a problem hiding this comment.
Yes, fixed. Excuse my Ruby :-D
app/views/shared/_footer.html.haml
Outdated
| @@ -143,7 +143,11 @@ | |||
| %div | |||
| = t :footer_legal_data_text | |||
| = t :footer_legal_data_call | |||
| %a{'cookies-policy-modal'=> true, 'cookies-banner'=> @show_cookies_banner} | |||
| - if "#{Spree::Config.privacy_policy_url}" != "" | |||
| %a{href: "#{Spree::Config.privacy_policy_url}"} | |||
There was a problem hiding this comment.
Same here: %a{href: Spree::Config.privacy_policy_url} should work.
app/views/shared/_footer.html.haml
Outdated
| %a{href: "#{Spree::Config.privacy_policy_url}"} | ||
| = t :footer_legal_data_privacy_policy | ||
| = t :footer_legal_data_call_and | ||
| %a{'cookies-policy-modal'=> true, 'cookies-banner'=> @show_cookies_banner && ("true" == "#{Spree::Config.cookies_consent_banner_toggle}")} |
There was a problem hiding this comment.
Minor style note: missing spaces before =>.
| = preference_field_tag(:cookies_consent_banner_toggle, Spree::Config[:cookies_consent_banner_toggle], :type => Spree::Config.preference_type(:cookies_consent_banner_toggle)) | ||
| = label_tag(:cookies_consent_banner_toggle, t(:cookies_consent_banner_toggle)) + tag(:br) | ||
| .field | ||
| = label_tag(:privacy_policy_url, t(':privacy_policy_url')) + tag(:br) |
There was a problem hiding this comment.
Copy and paste error in t(':privacy_policy_url'), additional :.
| .row | ||
| .large-9.columns | ||
| %p | ||
| {{ 'legal.cookies_banner.cookies_usage' | t}} |
There was a problem hiding this comment.
These translations are actually under legal.cookies_policy. It would be better to use the lazy lookup and move the translations to the right place.
There was a problem hiding this comment.
These translations are not in legal.cookies_policy, they are in legal.cookies_banner, which is different. Or I may be missing something.
These are javascript translations in angular templates where I don't think we can use lazy lookup. Or I may be missing something... (if this is correct, we can't use lazy lookup in angular templates, I can add this detail to the i18n page).
There was a problem hiding this comment.
You are right. I just checked and this is correct. And since this is an Angular template, it needs to be translated through the t filter. Somehow my computer is not re-compiling the locale for Javascript and I get the missing translations. But that's not your fault. ;-)
luisramos0
force-pushed
the
cookies_banner
branch
from
09eb341 to
160bfb9
Compare
luisramos0
force-pushed
the
cookies_banner
branch
from
160bfb9 to
fda9018
Compare
|
Hey @mkllnk , thanks a lot for your review! I have fixed or commented on every point you mentioned. Please have a look. Thanks! |
luisramos0
force-pushed
the
cookies_banner
branch
3 times, most recently
from
07df781 to
83f5d8d
Compare
luisramos0
force-pushed
the
cookies_banner
branch
from
83f5d8d to
b6d463b
Compare
| @@ -28,7 +28,7 @@ dialog, .reveal-modal { | |||
| // Medium and up - when modal IS NOT full screen | |||
| @media only screen and (min-width: 641px) { | |||
| top: 10%; | |||
| max-height: 120%; | |||
| max-height: 100%; | |||
There was a problem hiding this comment.
I thought that the modal may be bigger than the screen, but then there will be scrollbars for the whole screen, not the model. And you can still scroll down. That avoids scroll bars within the modal which could be a double up (scroll screen + scroll modal) and look odd. But I'm actually not that familiar with the issue. There definitely needs to be a way of scrolling.
app/views/shared/_footer.html.haml
Outdated
| @@ -139,6 +139,12 @@ | |||
| %a{href:"https://github.com/openfoodfoundation/openfoodnetwork", target: "_blank"} GitHub | |||
| %p.text-small | |||
| = t :footer_legal_text_html, {content_license: link_to('CC BY-SA 3.0', 'https://creativecommons.org/licenses/by-sa/3.0/'), code_license: link_to('AGPL 3', 'https://tldrlegal.com/license/gnu-affero-general-public-license-v3-(agpl-3.0)')} | |||
| %p.text-small | |||
| %div | |||
| = t :footer_legal_data_text | |||
There was a problem hiding this comment.
These should be lazy lookup keys. They should be in en.shared.footer and referenced as:
= t '.legal_data_text'There was a problem hiding this comment.
👍 I have moved all translations in footer to shared/footer. please have a look at the new version. It feels good to clean up!
app/views/shared/_footer.html.haml
Outdated
| %div | ||
| = t :footer_legal_data_text | ||
| = t :footer_legal_data_call | ||
| %a{'cookies-policy-modal'=> true} |
There was a problem hiding this comment.
👍 fixed in the new version.
config/locales/en.yml
Outdated
| @@ -1270,8 +1270,33 @@ en: | |||
| footer_legal_tos: "Terms and conditions" | |||
| footer_legal_visit: "Find us on" | |||
| footer_legal_text_html: "Open Food Network is a free and open source software platform. Our content is licensed with %{content_license} and our code with %{code_license}." | |||
|
|
|||
| footer_legal_data_text: "We take good care of your data." | |||
| footer_legal_data_call: "See our" | |||
There was a problem hiding this comment.
Yes, I think having both versions in full sentences is the best option.
| @@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base | |||
|
|
|||
| prepend_before_filter :restrict_iframes | |||
| before_filter :set_cache_headers # Issue #1213, prevent cart emptying via cache when using back button | |||
| before_filter :set_show_cookie_banner | |||
There was a problem hiding this comment.
Can we move this into a helper instead of adding code to the application controller? I don't think you need to persist the state and introduce a new variable.
There was a problem hiding this comment.
Do you mean we should move the method set_show_cookie_banner into a separate file app/helpers/cookies_banner_helper.rb?
In the ApplicationController we would still need the following 2 lines:
- helper CookiesBannerHelper
- before_filter :set_show_cookie_banner or helper_method :set_show_cookie_banner
Is this what you mean?
I am not sure what you mean with the "need to persist". Do you mean I should access request.cookies from the view directly? I don't think that would be good.
Thanks!
There was a problem hiding this comment.
Sorry for not being clear. I meant to remove all your additions from the ApplicationController and add a helper like this:
def show_cookie_banner?
request.cookies['cookies_consent'].nil?
endI find that a lot simpler than callbacks and an instance variable. But I'm also not the biggest rails pro. Are there other opinions, @Matt-Yorkley @sauloperez?
There was a problem hiding this comment.
Personally, I'm not a fan of callbacks either and I dislike having ivars in views. Both lead to a global state that is very hard to manage in the long run.
I would go with @mkllnk suggestion and call that show_cookie_banner? straight from the view.
There was a problem hiding this comment.
awesome, thanks for the advise guys. I have removed everything from applicationcontroller and also removed a few things from api/cookies_consent_controller and added the cookies logic to the new and beautiful cookies_consent_helper.
It feels this helper is ok like this BUT it's quite obvious this should not be a helper, it should be a Service. Where would our service layer live? In this specific case, for example, where would a service like CookiesConsentService be in terms of folders?
Thanks!
There was a problem hiding this comment.
There is currently the choice between app/services and lib. We haven't agreed yet which approach is better. And while you are right that application logic should go into a service object, I find it okay to leave a one-liner in the helpers. You need the helper anyway to call the service object and pass on the request variable.
app/views/shared/_footer.html.haml
Outdated
| = t :footer_legal_data_cookies_policy | ||
| %p.text-small | ||
| %a{ng: { controller:'CookiesBannerCtrl', click: 'deleteCookiesConsent()' }} | ||
| = 'delete consent cookie (for manual testing only)' |
There was a problem hiding this comment.
This doesn't look like something that should be in production code. Did you forget to remove it?
There was a problem hiding this comment.
I didn't forget about this. I just thought we would need this for manual testing. So that manual testers could delete the consent_cookie. BUT I just realised it's extremelly easy to delete a cookie in chromes dev tools on the "Application" tab. I have deleted this code now.
There was a problem hiding this comment.
I also find it extremely useful to open a private window, test something and then close it again. All cookies of the private window are gone after closing it. You can even do that on mobile.
| / insert_after "fieldset.security" | ||
|
|
||
| %fieldset.legal.no-border-bottom | ||
| %legend{:align => "center"}= t(:legal_settings) |
There was a problem hiding this comment.
Have you tried to use lazy lookup in deface files? It would be good to know if that works. I would just do t('.legal_settings') and then check the error message to see where it expects the key to be. We can then move all these strings into the right scope.
There was a problem hiding this comment.
yes, it works. Thanks for the hint!
I have added it to "add translations' here: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Internationalisation-(i18n)#development
I am now using lazy loading for these translations of the legal settings 👍
| .row | ||
| .large-9.columns | ||
| %p | ||
| {{ 'legal.cookies_banner.cookies_usage' | t}} |
There was a problem hiding this comment.
You are right. I just checked and this is correct. And since this is an Angular template, it needs to be translated through the t filter. Somehow my computer is not re-compiling the locale for Javascript and I get the missing translations. But that's not your fault. ;-)
|
I found that the layout is not ideal for every window size. It is possible that the accept button is not visible and I can't scroll. |
luisramos0
force-pushed
the
cookies_banner
branch
4 times, most recently
from
9ab5a51 to
3e6ff42
Compare
|
Hi @mkllnk thanks again for you re-review :-D I have fixed the layout issue by improving the media queries. |
| // @media only screen and (max-width: 400px) { | ||
| // overflow: hidden !important; | ||
| // } | ||
| //} |
There was a problem hiding this comment.
Any reason to keep this comments? I'd remove them.
| end | ||
|
|
||
| def show | ||
| render json: { cookie_consent: !cookies[@cookie_name].nil? } |
There was a problem hiding this comment.
the key? method might be a bit easier to understand than nil? plus a negation.
There was a problem hiding this comment.
Yes, thanks. Done. #learning_ruby
There was a problem hiding this comment.
Of course! and Ruby has plenty of methods like this one in its standard library.
| def initialize | ||
| super | ||
| @cookie_name = 'cookies_consent' | ||
| end |
There was a problem hiding this comment.
I wouldn't override the constructor to avoid coupling with Rails internals. Keep in mind it belongs to the framework and it might change in future versions and receive any kind of low-level optimizations that could break this controller.
Also, I think what you're trying to achieve is better suited as a constant. Like
COOKIE_NAME = 'cookies_consent'.freezeThere was a problem hiding this comment.
Yes, thanks. Done. #learning_ruby
| @@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base | |||
|
|
|||
| prepend_before_filter :restrict_iframes | |||
| before_filter :set_cache_headers # Issue #1213, prevent cart emptying via cache when using back button | |||
| before_filter :set_show_cookie_banner | |||
There was a problem hiding this comment.
Personally, I'm not a fan of callbacks either and I dislike having ivars in views. Both lead to a global state that is very hard to manage in the long run.
I would go with @mkllnk suggestion and call that show_cookie_banner? straight from the view.
luisramos0
force-pushed
the
cookies_banner
branch
2 times, most recently
from
278670b to
5d4b7f5
Compare
|
So... in conversation with Pau, I thought that this would be a wonderful opportunity to introduce the Rails Engines strategy to modularize OFN (see here). In the context of this PR, that means we would see the birth of the first OFN engine (or OFN module) called Web (see discourse above for names of the modules) that would contain, for now, some of the cookies logic required for this feature. @mkllnk @Matt-Yorkley @sauloperez @enricostano @HugsDaniel Thanks in advance for your help! UPDATE:
|
luisramos0
force-pushed
the
cookies_banner
branch
from
5d4b7f5 to
d6be91e
Compare
…age, cookies banner and privacy policy link
…page to improve UX on mobile
…es from the server, instead of precompiled assets. This was used to fix a problem with the cookies policy page template that was using a Spree configuration
This avoids asset compile errors like this one: Sass::SyntaxError: Undefined variable: "$disabled-light".
|
Staged on https://staging1.openfood.com.au/. |
|
Ok, so I couldn't prevent myself from testing that even if I'm on holidays ;-) I saw 4 things to improve before we can consider the feature as done, but none of them for me prevents merging, so I propose to merge and open issues for the 4 following issues: I propose to merge this, and when I'm back from holidays I will good deeper in each things to improve and open the issues so that we finish the feature. Meanwhile @luisramos0 now that the Matomo setup and this are going to be merged you can add the opt-out option from Matomo ;-) Can we make sure that default behavior is that checkbox "display cookie banner" is disabled before merging? I wouldn't want the Australian to have a banner popping up that they don't want... @mkllnk @luisramos0 @Matt-Yorkley I had a doublt while testing as by default I could see the banner first time I landed on staging. Please check before merging 🙏 |
|
Awesome, thanks a lot @myriamboure 1- yes, we can increase font size re default value, good point :-D |
| render json: { cookies_consent: cookies_consent.exists? } | ||
| end | ||
|
|
||
| def create |
There was a problem hiding this comment.
@luisramos0 Why do we request the server to set a cookie? Can't we just do it via Javascript? https://docs.angularjs.org/api/ngCookies/service/$cookies That could be a lot simpler and faster.
There was a problem hiding this comment.
An e-commerce website should only use httponly cookies that cannot be set by the browser. It's a simple security measure to avoid a million types of XSS attacks. That's why you should always go around to the server like here.
BUT in the end, I forgot to actually set it to httponly, which is as simple as adding a line like this to the cookie setting statement:
:secure => true
Maybe I should create a new issue to make this a secure cookie? What do you think?
There was a problem hiding this comment.
Wow, thank you for that insight. Even though it's not crucial for this cookie, we should definitely use HttpOnly cookies everywhere. Go ahead and create that issue.
I didn't, but someone must have done it. I just re-staged which is resetting the database and I can't see a banner. Should be all good! |
|
I just deployed that to Aus production. No cookie banner visible. :-) |
|
Hurray, live! @sigmundpetersen That's it. They should all be done and closed (apart from the points mentioned by Myriam that will be handled on separate new issues). I'd let Myriam confirm and close those issues when she is back. |
| background: $dark-grey; | ||
| bottom: 0; | ||
| position: fixed; | ||
| top: 20vh !important; |
There was a problem hiding this comment.
What browser versions do we aim to support? I happened to check this recently: https://caniuse.com/#feat=viewport-units
There was a problem hiding this comment.
good point. I used it because it was already being used somewhere else!
Maybe we switch to %? https://github.com/openfoodfoundation/openfoodnetwork/wiki/Code-Conventions
Feel free to add stuff to this page above. You can add rules you think we should follow and then we discuss/validate.
There was a problem hiding this comment.
I don't think we have a set of supported browsers. It would be good to create that list though. I'll post something in Slack.
Did you fix it already? I was not sure while reading it. Let me know I'll open an issue if not fixed yet. |
|
Ok I opened the remaining issues, just didn't table modal as it seems pretty ok actually when I retested, l et's see after Kristina has finished the work she is doing on modal how it looks like for the cookie policy page ;-) |
|
ok, thanks @myriamboure We also have:
Can we close this PR and move the overall conversation, if any, to the epic #2242? |
|
It is merged already, so let's discuss on epic now yes ;-) The list you made is on the epic btw, if you look at all issues attached below main thread ;-) |
|
yes, zenhub is nice :-) I like to do these summaries for clarity. |
What? Why?
Closes:
Added footer link and cookies policy page.
New cookies banner toggle and new cookies banner with accept cookies button working.
Privacy URL BO setting and respective link on footer also added as part of this PR: issue 2406.
New darkswarm folder cookie_policy with directive, controller, service, template and styling.
What should we test?
Cookies Policy Modal
The footer link to the cookies policy page should always open the modal.
The modal should describe cookies and show the correct instance domain name.
On clicking the X or pressing Escape key in the cookies policy modal, the modal should close and user should be back to the page she was.
Also,
Same behaviour on mobile, all cookie policy parts should be readable.
Cookies Banner
New cookie banner with "accept cookies" button and link to cookie policy page.
New footer entry with link to privacy policy URL.
New legal settings in BO with cookie banner toggle and privacy URL.
This new banner also needs to be tested on mobile.
Modals
This change affects the max height of all modals. The registration process should be tested while changing the browser window size to see if it looks okay with different sizes.
Release notes
New cookies policy link in footer and new cookies policy modal with details about the cookies used on the website.
New cookie banner with "accept cookies" button and link to cookie policy page.
New footer entry with link to privacy policy URL.
New legal settings in BO with cookie banner toggle and privacy URL.