Some issues and work-arounds

Resolved Kevin Burkholder
(@kevinburkholder)

10 months ago
Some issue I’ve run into, and worked around, with wp_consent_api…
1. The API should instantiate on load rather than ‘plugins_loaded’ so that it is available as early as possible.
Workaround: call \WP_CONSENT_API::get_instance(); if needed before ‘plugins_loaded’.
1. There are cookies that may be necessary for the proper functioning of the web site but no category for such cookies.
  (‘functional’ may be appropriate but would be dependent on the CMP).
Workaround: Add ‘necessary’ category
```
add_filter('wp_consent_categories', function($consent) {
    return array_merge(['necessary'],$consent);
});
// 'necessary' is always allowed
add_filter('wp_has_consent', function($has_consent, $category, $requested_by) {
    return ($category == 'necessary') ? true : $has_consent;
},5,3);
```
1. If a CMP sets the consent type in javascript, server-side PHP knows nothing of it.
Workaround: set/use a cookie
```
add_action( 'wp_enqueue_scripts', array( $this, 'cookie_consent_patch' ),PHP_INT_MAX);

 public function cookie_consent_patch(): void 
{ 
     // use a cookie on change (provided the CMP fires 'wp_consent_type_defined' event). 
    wp_add_inline_script( 'wp-consent-api',
        "document.addEventListener('wp_consent_type_defined',function(){".
            "consent_api_set_cookie(consent_api.cookie_prefix+'_consent_type',window.wp_consent_type);".
        "});"
    );
    // some consent management platforms may not set wp_get_consent_type
    add_filter('wp_get_consent_type',function($type)
        {
            if ((empty($type))) {  // has not (yet) been set
                $prefix    = \WP_CONSENT_API::$config->consent_cookie_prefix();
                return $this->get_cookie("{$prefix}_consent_type",'optout');
            }
            return $type;
        },
        PHP_INT_MAX - 100
    );
}
```
1. wp_get_cookie_info may return all cookie info even when we ask for only one if that one doesn’t exist in the array.
Workaround: Verify the returned array contains the cookie asked for (or all cookies).
```
public function get_cookie_consent($name = false): array
{
    $consent = wp_get_cookie_info($name) : false;
    // because wp_get_cookie_info may return all cookies even when we ask for only one
    if ($consent && $name) {
        if (! isset($consent['plugin_or_service'])) return [];
    }
    return (is_array($consent)) ? $consent : [];
}
```
1. wp_set_cookie doesn’t support the ‘samesite’ cookie parameter nor the setcookie ‘alternative signature’ using an options array.
Workaround: roll your own set_cookie
1. “Not all plugins have declared to follow Consent API guidelines. Please contact the developer.”
Most plugins don’t involve cookie consent and shouldn’t need to declare themselves as following consent.
Workaround: ?

—

I’ve created a trait/wrapper to handle most of these issues and provide a simple cookie with consent api with:
set_cookie(), set_cookie_expiration(), set_cookie_consent(), get_cookie_consent(), has_cookie_consent, get_cookie()

See:
- wp-consent-api-and-cookies
- cookie_consent.trait.php
This may not work as-is in other projects but should provide an example.

Viewing 1 replies (of 1 total)

Plugin Contributor Aert Hulsebos
(@aahulsebos)

7 months, 1 week ago

Hi @kevinburkholder, I cordially invite you to do a pr on https://github.com/WordPress/wp-consent-level-api/pulls. Thanks!

Viewing 1 replies (of 1 total)

The topic ‘Some issues and work-arounds’ is closed to new replies.