Orejime 🍪
Let your users choose the cookies they eat on your website.
Orejime 🍪 is an easy to use consent manager that focuses on accessibility.
Introduction
Orejime 🍪 is an open-source JavaScript library you can use on your website to let users choose what third-party cookies they allow. It's specifically made to comply with the GDPR.
Orejime 🍪 is a fork of Klaro! that focuses on accessibility. It follows Web Content Accessibility Guidelines (WCAG) via the French RGAA.
Getting started
Using Orejime 🍪 requires a few steps:
- Installation
- Third-party script tags change
- Configuration
- Initialization
Installation
Via CDN
The easiest way to use the lib is to include the built files directly in the browser.
<link rel="stylesheet" href="https://unpkg.com/orejime@latest/dist/orejime.css" />
<script src="https://unpkg.com/orejime@latest/dist/orejime.js"></script>
If you're using this method, please avoid using the @latest
version. Prefer a fixed one like https://unpkg.com/orejime@2.0.1/...
.
That way you can ensure you will not be impacted by a change of API or a potential bug that could land in the latest version.
Via npm
Orejime 🍪 is a React lib. Make sure you already installed react and react-dom, then:
npm install orejime
The CSS is located in node_modules/orejime/dist/orejime.css
. Import it directly in your JS thanks to webpack, or install it any way you are used to in your project.
You can also directly consume the Sass file if you prefer, located in the same folder.
Note: if you don't have a React environment but still want to use npm in order to easily get the latest version of Orejime, the already-built JS file is located in node_modules/orejime/dist/orejime.js
.
Old browser support
For IE11, you'll need to have ES6 polyfills loaded on your page. One easy and efficient way to add such polyfills is to use polyfill.io.
Third-party script tags change
For each third-party script you want Orejime to manage, you must modify its <script>
tag so that the browser doesn't load it directly anymore. Orejime will take care of loading it if the user accepts.
For inline scripts, set the type
attribute to opt-in
to keep the browser from executing the script. Also add a data-purpose
attribute with a short, unique, spaceless name for this script:
- <script>
+ <script
+ type="opt-in"
+ data-type="application/javascript"
+ data-purpose="google-tag-manager">
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push [...]
</script>
For external scripts or img tags (for tracking pixels), do the same, and rename the src
attribute to data-src
:
- <script
- src="https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap"></script>
+ <script
+ type="opt-in"
+ data-type="application/javascript"
+ data-purpose="google-maps"
+ data-src="https://maps.googleapis.com/maps/api/js?key=YOUR_API_KEY&callback=initMap"></script>
Configuration
You need to pass Orejime 🍪 a configuration object with, at the very least, purposes
and privacyPolicyUrl
properties. Each purpose listed in purposes
must itself have at least id
, title
and cookies
.
Here is a fully-detailed annotated example of a configuration object:
var orejimeConfig = {
orejimeElement: "#orejime",
cookie: {
name: "orejime",
duration: 365,
domain: 'mydomain.com',
stringify: (contents) => JSON.stringify(contents),
parse: (cookie) => JSON.parse(cookie),
},
privacyPolicyUrl: "",
forceModal: false,
forceBanner: false,
lang: "en",
logo: '/img/logo.png',
theme: 'orejime',
translations: {
modal: {
description: "This is an example of how to override an existing translation already used by Orejime",
}
},
purposes: [
{
id: "google-tag-manager",
title: "Google Tag Manager",
description: "This is used for analytics.",
cookies: [
"_ga",
"_gat",
"_gid",
"__utma",
"__utmb",
"__utmc",
"__utmt",
"__utmz",
"_gat_gtag_" + GTM_UA,
"_gat_" + GTM_UA
],
isMandatory: false,
isExempt: false,
default: false,
runsOnce: true,
},
{
id: "inline-tracker",
title: "Inline Tracker",
description: "Example of an inline tracking script",
cookies: [
"inline-tracker"
["cookieName", "/blog", "." + location.hostname],
["cookieName", "/", "test.mydomain.com"],
]
},
{
id: "external-tracker",
title: "External Tracker",
description: "Example of an external tracking script",
cookies: ["external-tracker"],
isMandatory: true
},
{
id: "advertising",
title: "Advertising",
description: "…",
purposes: [
{
id: "foo",
title: "Foo",
cookies: []
},
{
id: "bar",
title: "Bar",
cookies: []
}
]
}
]
}
Special cases
Exemption
If every purpose is either isMandatory
or isExempt
, Orejime will not show at startup
(but it will still be possible to open it programmatically).
However, you should consider this use case carefully, and ensure that :
isMandatory
trackers are truly required for your app to function properlyisExempt
trackers are exempt from consent, (i.e.
as defined by the CNIL)
Initialization
Now that you included the JS, the CSS, configured existing third-party scripts and defined your configuration, you can initialize an instance. This can be done automatically or manually.
Automatically
When including the script, the lib checks if the window.orejimeConfig
variable exists. If it does, a new Orejime instance is created in window.orejime
.
:warning: Note : Orejime doesn't have this behavior when using it as a module.
Manually
Orejime.init(orejimeConfig);
As a module
If you're using Orejime within a bundler like webpack or vite, you have to provide actual themes and translations. This allows the bundler to perform better tree shaking as dependencies are explicitly stated.
For example, with the orejime
theme and english translations:
import {orejime, orejimeTheme, en} from 'orejime';
const instance = orejime({
lang: 'en',
translations: en,
theme: orejimeTheme,
privacyPolicyUrl: 'http://example.org/privacy-policy',
purposes: [{
id: 'analytics',
title: 'Analytics',
cookies: []
}]
})
If you want full control over the UI, you might want to use only the consent manager, which is the core of Orejime. You can then use it with vanilla JS or your framework of choice.
import {manager} from 'orejime';
const instance = manager([
{
id: 'analytics',
title: 'Analytics',
cookies: []
}
]);
console.log(instance.getConsent('analytics'));
instance.setConsent('analytics', true);
console.log(instance.getConsent('analytics'));
Theming
Orejime support multiple themes to accomodate for every situation.
Default theme
This theme is loaded by default. It is meant to be simple but elegant enough to be used as-is on any website. It is easily customizable by tweaking some CSS properties.
Of course, you can either replace the original CSS entirely, or add your custom stylesheet to overwrite only some of the rules.
.orejime-Env {
--orejime-font-family: monospace;
--orejime-background: black;
--orejime-color: yellow;
}
<link rel="stylesheet" href="orejime.css" />
<link rel="stylesheet" href="custom-style.css" />
DSFR theme
This theme is meant to be used on websites using the official design system of the french government. As those sites already include the DSFR styles, this theme does not provide any styles of its own but only makes use of the correct markup and class names.
See the consent manager component on the DSFR docs for an overview.
API
Orejime.init(config)
: creates a new Orejime instance with the given config objectOrejime.defaultConfig
: object containing all the default properties of an instance
Orejime instance
prompt()
: opens the consent modalmanager
: the Manager instance used. See src/core/Manager.ts
config
: the complete config object used
Migrating
Version 3
A major overhaul of the configuration took place in this version, as to clarify naming and align more with the GDPR vocabulary.
If you were already using version 2, a tool to migrate your current configuration is available here : https://orejime.empreintedigitale.fr/migration.
Development
If you want to contribute to Orejime, or make a special build for yourself, clone the project then:
npm install
npm start
You can then open the demo page on http://localhost:3000
- it will be reloaded automatically when the JS or CSS changes.
License & credits
This project is licensed under a BSD-3 license.
Orejime started as a fork of Klaro!. A lot of stuff changed since. A few were integrated in the original project, but eventually some big bricks changed and it became difficult, or sometimes not even necessary, to push those changes in.
Orejime is maintained by Empreinte Digitale (French).
What does "Orejime" mean?
"Orejime" is a play-on-word. You can pronounce it like "Au régime" in French, which means "on a diet". 🍪