'How to block cookies until consent is given with Javascript [duplicate]
My company has given me the task of creating a cookie consent package that can be included in any of our different Javascript single-page applications as easily as possible.
The part which is holding me back is the part that actually blocks cookies being set before consent is given....is there a way to do this with javascript?
After a lot of research, I feel like my best option is, after cookies have been set, loop through them all and save the information from each (maybe in another cookie or some other method I haven't really thought of yet) and then wait for the user to agree to their use before re-enabling them.
I have questions about this though...
Firstly, is there a way to prevent the cookies from being set using the only javascript? There are many applications here that this would apply to and each of their cookie situations is different so I feel like this would be the best option. Prevent them from being set and then being able to list out which ones are essentially requested to be set so the user can choose whether or not to accept them.
If this above is not possible I would like to go with my idea of removing them after having been set and then re-enabling them as the user would like however, once the cookie has been set, has the damage been done? Am I already violating GDPR by doing this? If I am not and this is OK, would it even work? The cookie would be re-set by me and not the original script so I feel like that may cause some issues?
Thanks
Solution 1:[1]
Firstly, is there a way to prevent the cookies from being set using the only javascript?
No.
If this above is not possible I would like to go with my idea of removing them after having been set and then re-enabling them as the user would like however, once the cookie has been set, has the damage been done?
The damage has probably be done, but more importantly this is likely impossible.
Client-side JS can only remove cookies which are:
- not HTTP only
- not from a different origin
Unless you have consent, don't set the cookies in the first place. If the cookie is coming from a third party, don't load the resource (generally this will be <script src="third party url">
) until you get consent.
Do read the GDPR regulations carefully. They are often misinterpreted to be about "cookies" but they don't cover all cookies and do cover things which are not cookies.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 |