@not-govuk/consent-cookies
Advanced tools
Connect middleware to parse and set cookies only with user consent.
Readme
Connect middleware to parse and set cookies only with user consent. This aids compliance with European regulations.
Also provides a session via a cookie. (Accessible by reading and writing
to req.session.)
Tested on Restify but should work on other Connect-like systems such as Express.
httpOnly is set to false)First install the package into your project:
npm install -S @not-govuk/consent-cookies
Then use it in your code as follows:
const restify = require('restify');
const consentCookies = require('@not-govuk/consent-cookies');
const myCookies = [
{
name: 'ga',
description: 'Enables us to track you use of the site and helps us to optimise your experience.',
group: 'Analytics',
httpOnly: false
},
{
name: 'seen,
description: 'Allows us to know whether you have visited the site before.',
group: 'Analytics'
}
];
const httpd = restify.createServer();
httpd.use(consentCookies({ cookies: myCookies, secret: 'my-encryption-secret' }));
httpd.get('/', (req, res, next) => {
const seen = req.cookies['seen'] || false;
const message = (
seen
? 'Hello!'
: 'Welcome back.'
);
res.setCookie('seen', true);
res.send(`<html><body>${seen}</body></html>`);
next();
});
httpd.listen(8080, '0.0.0.0', () => {
httpd.log.info('%s listening at %s', httpd.name, httpd.url);
});
Subsequent middlewares will be able to discover the cookies available for
use via req.cookiesMeta as well as the current cookies of enabled
cookies via req.cookies. New cookies can be set with res.setCookie().
consentCookies(options: object)Provides a middleware that can be given to httpd.use().
Options object:
cookies: object
A description of all the cookies your application uses. Only cookies
described here will be available for reading and writing.
name: string
The name of the cookie.description: string
A description of the cookies purpose. (To be shown to the user.)group?: string
The category that an optional cookie belongs to. e.g. 'Analytics'. If
the cookie is mandatory, do not define this and the cookie will
always be available.httpOnly?: boolean = true
Whether the cookie can be accessed on the client. Unlike other cookie
options, this must be defined here and cannot be provided later,
when setting the cookie. This is because consent-cookies will encrypt
all httpOnly cookies as a security precaution and so needs to know
whether to decrypt them when reading them.cookie.serialize() options besides encode
See: https://www.npmjs.com/package/cookiesecret: string
A secret that is used to encrypt your cookies. You should ensure that
you set this in production to ensure that they cannot be decrypted by
an attacker. If you horizontally scale your application, you must
ensure that the secret is shared between each instance, so that they
can decrypt cookies that were set by other instances.provideSession?: boolean = true
Whether to provide a session at req.session. Set this to false if
you do not require a session or if you wish to provide a session using
a different middleware.cookie.serialize() options besides encode and httpOnly
These will become the defaults within your application. Note that we
set some sensible defaults for your with a 'secure by default' mindset,
so you should only need to provide these options in order to loosen up
the security.
See: https://www.npmjs.com/package/cookieres.setCookie(name: string, value: any[, options: object])Sets a cookie.
name: string
The name of the cookie you wish to set.
Note: If this cookie has not been consented to and is not
mandatory, an exception will be thrown.value: any
The value you wish to set for the cookie. This can be anything that
JSON.stringify can serialise but must fit within the size limits of
cookies.options: object
Any cookie.serialize() option besides encode and httpOnly.
(To set httpOnly you must declare it when initially describing the
cookie.)
See: https://www.npmjs.com/package/cookiereq.cookiesAn object containing the data from all active cookies.
req.cookiesMetaAn object that contains a description of all supported cookies and whether the user has consented to them.
Before working on this package you must install its dependencies using the following command:
pnpm install
Build the package by compiling the source code.
npm run build
Remove any previously built files.
npm run clean
FAQs
Connect middleware to parse and set cookies only with user consent.
The npm package @not-govuk/consent-cookies receives a total of 21 weekly downloads. As such, @not-govuk/consent-cookies popularity was classified as not popular.
We found that @not-govuk/consent-cookies demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.