feat(privacy): cookie consent banner — gate GTM behind user consent#49
Merged
feat(privacy): cookie consent banner — gate GTM behind user consent#49
Conversation
Integrates vanilla-cookieconsent v3 (MIT, open-source) to block Google Tag Manager from loading until the visitor explicitly accepts analytics cookies — closing a GDPR/ePrivacy gap where GTM fired unconditionally. - New CookieConsentBanner.astro component: server-renders i18n strings for both en and zh-Hant locales, initialises the banner bottom-right, and calls window.__loadGtm() on analytics consent - BaseLayout.astro: GTM bootstrap moved into window.__loadGtm() deferred function; banner rendered whenever PUBLIC_GTM_ID is set - SiteFooter.astro + navigation-data.ts: "Cookie settings" button in the bottom bar reopens the preferences modal via window.__cc.showPreferences() - en.json + zh-Hant.json: CookieConsent namespace with full bilingual copy Categories: necessary (always on), analytics (GTM/_ga* cookies), marketing (placeholder for future tags). Auto-clears _ga* on rejection. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fungc-io
approved these changes
May 4, 2026
Contributor
fungc-io
left a comment
fungc-io
left a comment
There was a problem hiding this comment.
Approved — cookie consent gating GTM behind opt-in, bilingual copy, footer reopener, no breaking changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
vanilla-cookieconsentv3 (MIT, same stack as FormX.ai) to block GTM from loading until the visitor explicitly accepts analytics cookieswindow.__loadGtm()function — no tracking fires until consent is granted_ga*auto-clear on rejection), Marketing (placeholder for future tags)t()i18n helperclose #50
Screenshots
Banner (en) — bottom-right box, no page interaction blocked:
Preferences modal — per-category toggles with descriptions, Save preferences.
zh-Hant banner renders
我們使用 Cookiewith correct Traditional Chinese copy throughout.Test plan
/withPUBLIC_GTM_IDset → banner appears bottom-right, GTM network request absentauthgear_cccookie written withanalytics:false, no GTM requestgtm.jsin network tab)_ga*cookies cleared on save/zh-hant/→ banner copy renders in Traditional Chinesenpm run build→ builds cleanly__loadGtmfunction)🤖 Generated with Claude Code