Adding Cookiebot consent banner

[znegrin]

This is related to the issue #1405 from the Backlog.

I added the scripts for the cookie consent banner. I can't check if it is working on the localhost, so I guess we need to upload it to staging at least to see if it is working.

Also I wasn't sure if we need to add the data-cookieconsent to any script on the site:

Signed-off-by: Zuri Negrín zurinegrin@gmail.com

[vcoisne]

LGTM

[dpordomingo]

Not a GDPR nor a cookiebot expert, so I can not dig on its implications.
I have no new concern but the ones expressed by https://github.com/src-d/devrel/issues/88#issuecomment-468760755

TL;DR
Is cookie bot disabling the tracking for:

• all the scripts that we're currently using?, or
• the scripts that we could add in the future,? or
• our third-party dependencies and its transitive dependencies?

If the user says no, and it makes cookiebot to disable some scripts, but those scripts are required to render some parts of the Landing, are we handling those exceptions?

Current proposal is already at staging
https://landing-staging.srcd.run

I couldn't validate it because:

Error: LANDING-STAGING.SRCD.RUN is not a valid domain.
Please add it to the cookie consent manager to authorize the domain.

[vcoisne]

@dpordomingo The cookie consent banner is not a yes / no question. We display the banner until visitors accept our cookie policy by clicking on the button "Got it". That's how most site handle cookie tracking consent.

Cookie consent scans the website on a monthly basis and provides a report of all the scripts using cookies across the site.

We should actually embed the following script to publish the full report under a section called Cookie Policy under Privacy https://sourced.tech/legal/#privacy cc @znegrin

<script id="CookieDeclaration" src="https://consent.cookiebot.com/bebaec9f-3b51-4686-adf1-1f3bb76dec15/cd.js" type="text/javascript" async></script>

[znegrin]

We should actually embed the following script to publish the full report under a section called Cookie Policy under Privacy https://sourced.tech/legal/#privacy cc @znegrin

<script id="CookieDeclaration" src="https://consent.cookiebot.com/bebaec9f-3b51-4686-adf1-1f3bb76dec15/cd.js" type="text/javascript" async></script>

@vcoisne the script your are asking me to add was already on the original commit and added in that section.

[vcoisne]

The banner is now visible in staging. I'm not happy with the look and feel though. Maybe @ricardobaeta can help customize it to fit our design identity better. I will share the credentials with you via a separate channel.

[dpordomingo]

Some things I see:

It is said in https://landing-staging.srcd.run/legal/

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
Your current state: Use necessary cookies only.
Change your consent

From our cookie inventory, it is said that the necessary ones are only:

• __cfduid blog.sourced.tech ghost.io
• CookieConsent sourced.tech

Since my current state is "use necessary cookies only", I'd expect that only __cfduid and CookieConsent cookies would be stored, but checking the cookies that were stored in my session, I saw that there were installed some not declared as necessary cookies.

I wonder if it could be a problem and if it would help us if we list all of them as being necessary.

[vcoisne]

Actually, it looks fine now @ricardobaeta

@dpordomingo I don't think it is a problem because we have explicit consent banner enabled. I don't think we should list the cookies as necessary if they are not.

IMO this is ready to be deployed in prod.