fix(cookie): Fehlerhaften Consent-Cookie-Button entfernt und durch von Microsoft empfohlene Struktur ersetzt

- Den fehlerhaften Consent-Cookie-Button entfernt und die von Microsoft empfohlene Struktur integriert, um die Compliance und Funktionalität zu verbessern.
2024-09-20 13:07:32 +02:00 · 2024-09-20 13:07:32 +02:00 · 5c4acd17a0
commit 5c4acd17a0
parent fc171e5b89
2 changed files with 28 additions and 20 deletions
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@ -63,6 +63,15 @@ try
        q.JsonSerializerOptions.ReferenceHandler = System.Text.Json.Serialization.ReferenceHandler.IgnoreCycles;
    });

+    builder.Services.Configure<CookiePolicyOptions>(options =>
+    {
+        // This lambda determines whether user consent for non-essential 
+        // cookies is needed for a given request.
+        options.CheckConsentNeeded = context => true;
+
+        options.MinimumSameSitePolicy = SameSiteMode.None;
+    });
+
    if (config.GetValue<bool>("EnableSwagger") && builder.IsDevOrDiP())
    {
        builder.Services.AddEndpointsApiExplorer();
@ -187,7 +196,7 @@ try

    app.UseStaticFiles();

-    //app.UseCookiePolicy();
+    app.UseCookiePolicy();

    app.UseRouting();

--- a/EnvelopeGenerator.Web/Views/Shared/_CookieConsentPartial.cshtml
+++ b/EnvelopeGenerator.Web/Views/Shared/_CookieConsentPartial.cshtml
@ -1,27 +1,26 @@
-@{
-    var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
-}
-@using DigitalData.Core.DTO;
-@using Microsoft.AspNetCore.Http.Features
-@using Newtonsoft.Json.Serialization;
-@using Newtonsoft.Json;
-@inject CookieConsentSettings _cookieSettings
+@using Microsoft.AspNetCore.Http.Features
+
@{
+    var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
    var consentFeature = Context.Features.Get<ITrackingConsentFeature>();
    var showBanner = !consentFeature?.CanTrack ?? false;
    var cookieString = consentFeature?.CreateConsentCookie();
 }
+
@if (showBanner)
 {
-<script nonce="@nonce">
-@{
-    var serializerSettings = new JsonSerializerSettings
-    {
-        ContractResolver = new CamelCasePropertyNamesContractResolver()
-    };
-    string serializedProps = JsonConvert.SerializeObject(_cookieSettings, serializerSettings);
-}
-    var props = @Html.Raw(serializedProps);
-    var cookieSettings = new BootstrapCookieConsentSettings(props)
-</script>
+    <div id="cookieConsent" class="alert alert-info alert-dismissible fade show" role="alert">
+        Use this space to summarize your privacy and cookie use policy. <a asp-page="/Privacy">Learn More</a>.
+        <button type="button" class="accept-policy close" data-bs-dismiss="alert" aria-label="Close" data-cookie-string="@cookieString">
+            <span aria-hidden="true">Accept</span>
+        </button>
+    </div>
+    <script nonce="@nonce">
+        (function () {
+            var button = document.querySelector("#cookieConsent button[data-cookie-string]");
+            button.addEventListener("click", function (event) {
+                document.cookie = button.dataset.cookieString;
+            }, false);
+        })();
+    </script>
 }