'How to block cookies until consent is given with Javascript [duplicate]

My company has given me the task of creating a cookie consent package that can be included in any of our different Javascript single-page applications as easily as possible.

The part which is holding me back is the part that actually blocks cookies being set before consent is given....is there a way to do this with javascript?

After a lot of research, I feel like my best option is, after cookies have been set, loop through them all and save the information from each (maybe in another cookie or some other method I haven't really thought of yet) and then wait for the user to agree to their use before re-enabling them.

I have questions about this though...

Firstly, is there a way to prevent the cookies from being set using the only javascript? There are many applications here that this would apply to and each of their cookie situations is different so I feel like this would be the best option. Prevent them from being set and then being able to list out which ones are essentially requested to be set so the user can choose whether or not to accept them.

If this above is not possible I would like to go with my idea of removing them after having been set and then re-enabling them as the user would like however, once the cookie has been set, has the damage been done? Am I already violating GDPR by doing this? If I am not and this is OK, would it even work? The cookie would be re-set by me and not the original script so I feel like that may cause some issues?

Thanks

javascriptcookiesecmascript-6


Solution 1:[1]

Firstly, is there a way to prevent the cookies from being set using the only javascript?

No.

If this above is not possible I would like to go with my idea of removing them after having been set and then re-enabling them as the user would like however, once the cookie has been set, has the damage been done?

The damage has probably be done, but more importantly this is likely impossible.

Client-side JS can only remove cookies which are:

  • not HTTP only
  • not from a different origin

Unless you have consent, don't set the cookies in the first place. If the cookie is coming from a third party, don't load the resource (generally this will be <script src="third party url">) until you get consent.

Do read the GDPR regulations carefully. They are often misinterpreted to be about "cookies" but they don't cover all cookies and do cover things which are not cookies.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?