@@ -47,24 +47,22 @@
-
- {{analytics_cookie_name}}
+
+ accepted_ga_cookies
- Saves your analytics cookie consent settings
+ Saves your cookie consent settings.
1 year
-
- csrftoken
+
+ cookie_preferences_set
- Helps prevent Cross-Site Request Forgery (CSRF) attacks
+ Lets us know that you've saved your cookie consent settings.
1 year
@@ -73,13 +71,13 @@
- session
+ csrftoken
- Used to keep you signed in when publishing a report
+ Helps prevent Cross-Site Request Forgery (CSRF) attacks
- 20 hours
+ 1 year
@@ -87,8 +85,7 @@ {% block head_title %}Placeholder Head Title{% endblock %} - GOV.UK
@@ -21,6 +30,12 @@
+
+
+
{% render_cookie_banner %}
Essential cookies
Essential cookies
Essential cookies
Analytics cookies (optional)
- With your permission, we use Google Analytics to collect data about how you use Check when large - businesses pay their suppliers. This information helps us to improve our service.
+ With your permission, we use Google Analytics to collect data about how you use {{service_name}}. This information helps us to improve our service.
Google is not allowed to use or share our analytics data with anyone.
@@ -148,26 +145,30 @@
diff --git a/orp/core/templatetags/cookie_tags.py b/orp/core/templatetags/cookie_tags.py
index e676380..43cbbbf 100644
--- a/orp/core/templatetags/cookie_tags.py
+++ b/orp/core/templatetags/cookie_tags.py
@@ -15,23 +15,25 @@ def render_cookie_banner(context) -> str:
is not rendered.
"""
request = context["request"]
- if settings.ANALYTICS_CONSENT_NAME not in request.COOKIES:
+ if settings.COOKIE_PREFERENCES_SET_NAME not in request.COOKIES:
return render_to_string(
"cookie_banner.html",
{
"service_name": settings.SERVICE_NAME,
- "analytics_cookie_name": settings.ANALYTICS_CONSENT_NAME,
+ "cookie_preference_name": settings.COOKIE_ACCEPTED_GA_NAME,
"request": request,
"show_cookie_banner": True,
"show_confirmation_message": False,
},
)
- elif "cookie_preferences" in request.GET:
+ elif "hide_banner" in request.GET:
return render_to_string(
"cookie_banner.html",
{
"service_name": settings.SERVICE_NAME,
- "cookie_preferences": request.GET.get("cookie_preferences"),
+ "cookie_preference": request.GET.get(
+ settings.COOKIE_ACCEPTED_GA_NAME
+ ),
"request": request,
"show_cookie_banner": False,
"show_confirmation_message": True,
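Review bot: The confirmation branch under `elif "hide_banner" in request.GET:` takes the accepted/rejected state from the query string (`request.GET.get(settings.COOKIE_ACCEPTED_GA_NAME)`) rather than from the cookie the preceding redirect set, so the banner text can disagree with what was actually stored, and any shared link carrying `hide_banner` renders a confirmation for a visitor who never chose anything. Reading the stored value keeps the message tied to real state: `"cookie_preference": request.COOKIES.get(settings.COOKIE_ACCEPTED_GA_NAME),`. Whether `set_ga_cookie_policy` normalizes the value it stores is not visible in this diff; if it does not, the view that sets it should, since the template compares the string against `'true'`. The signature and the start of render_cookie_banner's docstring lie outside the hunk.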
diff --git a/orp/core/views.py b/orp/core/views.py
index 72c6f3f..bf19ff8 100644
--- a/orp/core/views.py
+++ b/orp/core/views.py
@@ -2,14 +2,11 @@
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
from django.shortcuts import redirect, render
from django.urls import reverse
+from django.utils.http import url_has_allowed_host_and_scheme
from django.views.decorators.http import require_http_methods, require_safe
-from .cookies import (
- analytics_form_initial_mapping,
- get_analytics_consent,
- set_analytics_consent_cookie,
-)
-from .forms import CookiePageConsentForm
+from .cookies import get_ga_cookie_preference, set_ga_cookie_policy
+from .forms import CookiePreferenceForm
from .healthcheck import application_service_health
@@ -81,32 +78,29 @@ def accessibility_statement(request: HttpRequest) -> HttpResponse:
@require_http_methods(["GET", "POST"])
def cookies(request: HttpRequest) -> HttpResponse:
- """Cookies.
+ """Cookie policy page view.
Returns the cookies page. If the request method is POST, the analytics
consent cookie is set and the user is redirected back to the cookies page.
"""
context = {
"service_name": settings.SERVICE_NAME,
- "analytics_cookie_name": settings.ANALYTICS_CONSENT_NAME,
+ "cookie_preference_name": settings.COOKIE_ACCEPTED_GA_NAME,
}
if request.method == "POST":
- form = CookiePageConsentForm(request.POST)
+ form = CookiePreferenceForm(request.POST)
if form.is_valid():
- analytics_consent = form.cleaned_data[
- settings.ANALYTICS_CONSENT_NAME
- ]
- context[settings.ANALYTICS_CONSENT_NAME] = analytics_consent
+ preference = form.cleaned_data["cookie_preference"]
response = redirect(reverse("cookies"))
- set_analytics_consent_cookie(response, analytics_consent)
+ set_ga_cookie_policy(response, preference)
response[
"Location"
- ] += f"?{settings.ANALYTICS_CONSENT_NAME}={analytics_consent}"
+ ] += f"?{settings.COOKIE_ACCEPTED_GA_NAME}={preference}"
return response
else:
- analytics_consent = get_analytics_consent(request)
- form = CookiePageConsentForm(
- initial=analytics_form_initial_mapping(analytics_consent)
+ preferences_value = get_ga_cookie_preference(request)
+ form = CookiePreferenceForm(
+ initial={"cookie_preference": preferences_value}
)
context["form"] = form
return render(request, template_name="cookies.html", context=context)
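Review bot: The `Location` header is extended by string-formatting `preference` into the query string (`response["Location"] += f"?{settings.COOKIE_ACCEPTED_GA_NAME}={preference}"`) without URL-encoding, which is only safe while `CookiePreferenceForm` confines the field to a fixed set of values — something this hunk does not show. `django.utils.http.urlencode` makes the line independent of that assumption: `response["Location"] += "?" + urlencode({settings.COOKIE_ACCEPTED_GA_NAME: preference})`, and the `from django.utils.http import ...` line added earlier in this diff can carry `urlencode` as well. The docstring at the top of the hunk still calls the cookie the "analytics consent cookie" although the rest of the change renamed everything to the GA cookie preference; worth aligning the wording with the new names.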
@@ -114,20 +108,28 @@ def cookies(request: HttpRequest) -> HttpResponse:
@require_http_methods(["GET"])
def set_cookie_banner_preference(request) -> HttpResponseRedirect:
- """Set cookie banner preference.
+ """Set cookie preferences banner.
- Sets analytics cookie preference and redirects to the current page.
- The redirect URL includes the `cookie_preferences` query parameter.
- This parameter is used to display a confirmation message banner.
+ Sets the user Google Analytics (GA) cookie preference and then redirects
+ to the current page. The redirect URL includes the `hide_banner`
+ query parameter. This parameter is used to display a confirmation message
+ banner.
"""
- analytics_consent = request.GET.get(settings.ANALYTICS_CONSENT_NAME)
- current_page = request.GET.get("current_page") or "/"
- separator = "?" if "?" not in current_page else "#"
+ preference = request.GET.get(settings.COOKIE_ACCEPTED_GA_NAME, "false")
+ current_page = request.GET.get("current_page")
+ if not url_has_allowed_host_and_scheme(
+ url=current_page,
+ allowed_hosts={request.get_host()}.union(settings.ALLOWED_HOSTS),
+ require_https=request.is_secure(),
+ ):
+ current_page = "/"
+ separator = "?" if "?" not in current_page else "&"
current_page = (
- f"{current_page}{separator}cookie_preferences={analytics_consent}"
+ f"{current_page}{separator}hide_banner=true"
+ f"&{settings.COOKIE_ACCEPTED_GA_NAME}={preference}"
)
response = redirect(current_page)
- set_analytics_consent_cookie(response, analytics_consent)
+ set_ga_cookie_policy(response, preference)
return response
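Review bot: `preference = request.GET.get(settings.COOKIE_ACCEPTED_GA_NAME, "false")` takes the value verbatim from the query string and then both stores it via `set_ga_cookie_policy(response, preference)` and reflects it into the redirect URL, so any string a visitor supplies in that parameter ends up in the cookie and in `Location`; nothing here restricts it to the two values the template later compares against `'true'`. Normalizing at the boundary closes that: `preference = "true" if request.GET.get(settings.COOKIE_ACCEPTED_GA_NAME) == "true" else "false"`. The allowed-host check on `current_page` is the right fix for the open redirect; note that `url_has_allowed_host_and_scheme` tests plain membership of the netloc in `allowed_hosts`, so `"*"` or leading-dot entries in `settings.ALLOWED_HOSTS` will not match — fail-safe, but worth knowing for a multi-host deployment. The identical check is repeated in `hide_cookie_banner` in the next hunk; a small `_safe_redirect_target(request)` helper would keep the two in step.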
@@ -138,5 +140,11 @@ def hide_cookie_banner(request) -> HttpResponseRedirect:
Redirects to the current page without any query parameters,
effectively hiding the cookie banner.
"""
- current_page = request.GET.get("current_page") or "/"
+ current_page = request.GET.get("current_page")
+ if not url_has_allowed_host_and_scheme(
+ url=current_page,
+ allowed_hosts={request.get_host()}.union(settings.ALLOWED_HOSTS),
+ require_https=request.is_secure(),
+ ):
+ current_page = "/"
return redirect(current_page)
diff --git a/orp/templates/base.html b/orp/templates/base.html
index 5467834..ca586a6 100644
--- a/orp/templates/base.html
+++ b/orp/templates/base.html
@@ -4,6 +4,15 @@
+
+
+
Analytics cookies (optional)
-Change your cookie settings
diff --git a/orp/templates/cookie_banner.html b/orp/templates/cookie_banner.html
index 51c03f3..e40d1d3 100644
--- a/orp/templates/cookie_banner.html
+++ b/orp/templates/cookie_banner.html
@@ -14,13 +14,13 @@
-
- Accept analytics cookies
+
+ Accept analytics cookies
-
- Reject analytics cookies
+
+ Reject analytics cookies
View cookies
@@ -34,7 +34,7 @@
- You've {% if cookie_preferences == 'True' %} accepted {% else %}
+
You've {% if cookie_preference == 'true' %} accepted {% else %}
rejected {% endif %} additional cookies. You can change your cookie
settings at any time.
-
You've {% if cookie_preferences == 'True' %} accepted {% else %} +
You've {% if cookie_preference == 'true' %} accepted {% else %} rejected {% endif %} additional cookies. You can change your cookie settings at any time.