From 5c4acd17a08d3cd4269e1911e4736e641b36c027 Mon Sep 17 00:00:00 2001
From: Developer 02 <developer02@didaloghe.onmicrosoft.com>
Date: Fri, 20 Sep 2024 13:07:32 +0200
Subject: [PATCH] fix(cookie): Fehlerhaften Consent-Cookie-Button entfernt und
 durch von Microsoft empfohlene Struktur ersetzt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Den fehlerhaften Consent-Cookie-Button entfernt und die von Microsoft empfohlene Struktur integriert, um die Compliance und Funktionalität zu verbessern.
---
 EnvelopeGenerator.Web/Program.cs              | 11 +++++-
 .../Views/Shared/_CookieConsentPartial.cshtml | 37 +++++++++----------
 2 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/EnvelopeGenerator.Web/Program.cs b/EnvelopeGenerator.Web/Program.cs
index 6456a6a5..81459100 100644
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@@ -63,6 +63,15 @@ try
         q.JsonSerializerOptions.ReferenceHandler = System.Text.Json.Serialization.ReferenceHandler.IgnoreCycles;
     });
 
+    builder.Services.Configure<CookiePolicyOptions>(options =>
+    {
+        // This lambda determines whether user consent for non-essential 
+        // cookies is needed for a given request.
+        options.CheckConsentNeeded = context => true;
+
+        options.MinimumSameSitePolicy = SameSiteMode.None;
+    });
+
     if (config.GetValue<bool>("EnableSwagger") && builder.IsDevOrDiP())
     {
         builder.Services.AddEndpointsApiExplorer();
@@ -187,7 +196,7 @@ try
 
     app.UseStaticFiles();
 
-    //app.UseCookiePolicy();
+    app.UseCookiePolicy();
 
     app.UseRouting();
 
diff --git a/EnvelopeGenerator.Web/Views/Shared/_CookieConsentPartial.cshtml b/EnvelopeGenerator.Web/Views/Shared/_CookieConsentPartial.cshtml
index 6dfed5cf..b7757c4e 100644
--- a/EnvelopeGenerator.Web/Views/Shared/_CookieConsentPartial.cshtml
+++ b/EnvelopeGenerator.Web/Views/Shared/_CookieConsentPartial.cshtml
@@ -1,27 +1,26 @@
-@{
-    var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
-}
-@using DigitalData.Core.DTO;
-@using Microsoft.AspNetCore.Http.Features
-@using Newtonsoft.Json.Serialization;
-@using Newtonsoft.Json;
-@inject CookieConsentSettings _cookieSettings
+@using Microsoft.AspNetCore.Http.Features
+
 @{
+    var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
     var consentFeature = Context.Features.Get<ITrackingConsentFeature>();
     var showBanner = !consentFeature?.CanTrack ?? false;
     var cookieString = consentFeature?.CreateConsentCookie();
 }
+
 @if (showBanner)
 {
-<script nonce="@nonce">
-@{
-    var serializerSettings = new JsonSerializerSettings
-    {
-        ContractResolver = new CamelCasePropertyNamesContractResolver()
-    };
-    string serializedProps = JsonConvert.SerializeObject(_cookieSettings, serializerSettings);
-}
-    var props = @Html.Raw(serializedProps);
-    var cookieSettings = new BootstrapCookieConsentSettings(props)
-</script>
+    <div id="cookieConsent" class="alert alert-info alert-dismissible fade show" role="alert">
+        Use this space to summarize your privacy and cookie use policy. <a asp-page="/Privacy">Learn More</a>.
+        <button type="button" class="accept-policy close" data-bs-dismiss="alert" aria-label="Close" data-cookie-string="@cookieString">
+            <span aria-hidden="true">Accept</span>
+        </button>
+    </div>
+    <script nonce="@nonce">
+        (function () {
+            var button = document.querySelector("#cookieConsent button[data-cookie-string]");
+            button.addEventListener("click", function (event) {
+                document.cookie = button.dataset.cookieString;
+            }, false);
+        })();
+    </script>
 }
\ No newline at end of file