From 5c8435d39e3f9be2b4406b6661d898e76823d6b8 Mon Sep 17 00:00:00 2001 From: viveksantayana Date: Thu, 16 Jun 2022 13:22:06 +0100 Subject: [PATCH] Added cookie consent --- ref-test/app/admin/static/js/script.js | 2 +- ref-test/app/config.py | 1 + ref-test/app/quiz/static/js/script.js | 2 +- ref-test/app/views.py | 6 +++--- ref-test/main.py | 15 ++++++++++++--- 5 files changed, 18 insertions(+), 8 deletions(-) diff --git a/ref-test/app/admin/static/js/script.js b/ref-test/app/admin/static/js/script.js index f6206a0..30c8a49 100644 --- a/ref-test/app/admin/static/js/script.js +++ b/ref-test/app/admin/static/js/script.js @@ -152,7 +152,7 @@ $('#dismiss-cookie-alert').click(function(event){ $.ajax({ url: '/cookies/', - type: 'GET', + type: 'POST', data: { time: Date.now() }, diff --git a/ref-test/app/config.py b/ref-test/app/config.py index cd987bd..3dcd48b 100644 --- a/ref-test/app/config.py +++ b/ref-test/app/config.py @@ -9,6 +9,7 @@ class Config(object): DEBUG = False TESTING = False SECRET_KEY = os.getenv('SECRET_KEY') + SERVER_NAME = os.getenv('SERVER_NAME') SESSION_COOKIE_SECURE = True SQLALCHEMY_DATABASE_URI = f'sqlite:///{Path(DATA)}/database.db' SQLALCHEMY_TRACK_MODIFICATIONS = False diff --git a/ref-test/app/quiz/static/js/script.js b/ref-test/app/quiz/static/js/script.js index e5f0ed1..ba30892 100644 --- a/ref-test/app/quiz/static/js/script.js +++ b/ref-test/app/quiz/static/js/script.js @@ -68,7 +68,7 @@ $('#dismiss-cookie-alert').click(function(event){ $.ajax({ url: '/cookies/', - type: 'GET', + type: 'POST', data: { time: Date.now() }, diff --git a/ref-test/app/views.py b/ref-test/app/views.py index c54fe36..e7795ea 100644 --- a/ref-test/app/views.py +++ b/ref-test/app/views.py @@ -5,7 +5,7 @@ from flask import Blueprint, redirect, request, render_template from datetime import datetime, timedelta views = Blueprint( - name='common', + name='views', import_name=__name__, template_folder='templates', static_folder='static' @@ -15,7 +15,7 @@ views = Blueprint( def _privacy(): return render_template('privacy.html') -@views.route('/cookie_consent/') +@views.route('/cookies/', methods=['POST']) def _cookie_consent(): resp = redirect('/') resp.set_cookie( @@ -24,7 +24,7 @@ def _cookie_consent(): max_age = timedelta(days=14) if request.cookies.get('remember') == 'True' else None, path = '/', expires = datetime.utcnow() + timedelta(days=14) if request.cookies.get('remember') else None, - domain = f'.{Config.SERVER_NAME}', + domain = f'{Config.SERVER_NAME}', secure = True ) return resp \ No newline at end of file diff --git a/ref-test/main.py b/ref-test/main.py index af53bd2..878455c 100644 --- a/ref-test/main.py +++ b/ref-test/main.py @@ -2,9 +2,10 @@ from app.models import User from app.modules import bootstrap, csrf, db, login_manager, mail from config import Config -from flask import Flask -from flask_wtf.csrf import CSRFError +from flask import flash, Flask, request +from flask.helpers import url_for from flask.json import jsonify +from flask_wtf.csrf import CSRFError from werkzeug.middleware.proxy_fix import ProxyFix from datetime import datetime @@ -25,6 +26,14 @@ def create_app(): def _load_user(id): return User.query.filter_by(id=id).first() + @app.before_request + def _check_cookie_consent(): + if request.cookies.get('cookie_consent'): + return + if any([ request.path.startswith(x) for x in [ '/admin/static/', '/static/', '/cookies/' ] ]): + return + flash(f'Cookie Consent: This web site only stores minimal, functional cookies. It does not store any tracking information. By using this site, you consent to this use of cookies. For more information, see our privacy policy.', 'cookie_alert') + @app.errorhandler(404) def _404_handler(error): return jsonify({'error':'404 — Not Found'}), 404 @@ -37,8 +46,8 @@ def create_app(): from app.admin.views import admin from app.api.views import api - from app.views import views from app.quiz.views import quiz + from app.views import views app.register_blueprint(admin, url_prefix='/admin') app.register_blueprint(api, url_prefix='/api')