Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Rack middleware for the EU ePrivacy Directive compliance in Ruby Web Apps
Ruby
tree: ac2a0f77cb

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
examples
lib
spec
.gitignore
.rspec
.rvmrc
.travis.yml
CHANGELOG.md
Gemfile
LICENSE
README.md
Rakefile
rack-policy.gemspec

README.md

Rack-Policy

Build Status Dependency Status

This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive' whereby a user needs to provide implied consent before any data can be stored on his machine.

Installation

Add this line to your application's Gemfile:

gem 'rack-policy'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rack-policy

Usage

By default when the Rack application is loaded no cookies will be set(provided no session cookies already exist), and any existing session cookies will be destroyed. Throughout the request cycle cookies now won't be set until the user has given explicit consent. This can be controlled by setting consent token

Rack::Policy::CookieLimiter, consent_token: 'allow_me'

The very same consent_token is used to toggle the limiter behaviour.

Examples

Adding Rack::Policy::CookieLimiter to Rack applications

Rails 3.x

# config/application.rb
require 'rack/policy'

class Application < Rails::Application
  config.middleware.use Rack::Policy::CookieLimiter, consent_token: 'rack.policy'
end

And then in your custom controller create actions responsible for setting and unsetting cookie policy

class CookiePolicyController < ApplicationController

  def allow
    response.set_cookie 'rack.policy', {
      value: 'true',
      path: '/',
      expires: 1.year.from_now.utc
    }
    render nothing: true
  end

  def deny
    response.delete_cookie 'rack.policy'
    render nothing: true
  end
end

Rails 2.x

# config/environment

Rails::Initializer.run do |config|
  require 'rack/policy'
  config.middleware.insert_before Rack::Lock, Rack::Policy::CookieLimiter, consent_token: 'rack.policy'
end

Set and unset cookie consent in similar way to Rails 3.x example.

Sinatra

For classic style sinatra application do

#!/usr/bin/env ruby -rubygems
require 'sinatra'
require 'rack/policy'

configure do
  use Rack::Policy::CookieLimiter, consent_token: 'rack.policy'
end

get('/') { "Allow cookies to be set? <a href='/allow'>Allow</a>" }

get('/allow') { response.set_cookie 'rack.policy' }

get('/deny') { response.delete_cookie 'rack.policy' }

Padrino

#!/usr/bin/env ruby -rubygems
require 'padrino'
require 'rack/policy'

class MyApp < Padrino::Application
  use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
end

Rackup

#!/usr/bin/env rackup
require 'rack/policy'

use Rack::Policy::CookieLimiter consent_token: 'rack.policy'

run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
Something went wrong with that request. Please try again.