Jump to content

Extension:CookieConsent

Issue tracker: #MediaWiki-extensions-CookieConsent
From mediawiki.org
MediaWiki extensions manual
CookieConsent
Release status: stable
Implementation User interface
Description Adds a GDPR-compliant cookie warning and preferences dialog
Author(s) Marijn van Wezel (Wikibase Solutions)
Latest version 2.2.0 (2025-12-23)
Compatibility policy Master maintains backward compatibility.
MediaWiki >=1.39.0
PHP >=7.4
Database changes No
Composer wikibase-solutions/cookie-consent
License GNU General Public License 2.0 or later
Download
Download extension
Git [?]:
Parameters
  • $wgCookieConsentGeolocationParameters
  • $wgCookieConsentCategories
  • $wgCookieConsentEnabledRegions
  • $wgCookieConsentEnableGeolocation
  • $wgCookieConsentGeolocationField
  • $wgCookieConsentGeolocationEndpoint
Hooks used
Translate the CookieConsent extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The CookieConsent extension adds a GDPR-compliant cookie warning and preferences dialog, informing users about the wiki's cookie usage and allowing them to choose which categories of cookies to accept.

Usage

[edit]

After installing the CookieConsent extension, it is enabled immediately. However, additional set-up is required to correctly block cookies when no consent has (yet) been given. This can be done either in JavaScript (for cookies set in JavaScript) or in PHP (for cookies set in PHP). CookieConsent provides a number of APIs to make this easier.

Blocking scripts from loading

[edit]

Scripts that set cookies can be prevented from loading by setting their type to text/plain. To ensure the scripts are loaded again when consent is granted, you must add the attribute data-mw-cookieconsent containing the names of the categories for which the script needs to be activated again when consent is given for any of the specified categories. The names of these categories correspond to the keys in $wgCookieConsentCategories. For example, to activate a script only when consent for marketing cookies is given, use the following syntax: 

<script type="text/plain" data-mw-cookieconsent="marketing">
console.log("Consent for marketing cookies is given.");
</script>

To active a script when consent for either marketing or preference cookies is given, use the following syntax: 

<script type="text/plain" data-mw-cookieconsent="marketing,preference">
console.log("Consent for marketing, preference or both cookies is given.");
</script>

Blocking iframes from loading

[edit]

You can block iframes from loading by changing the src attribute to data-mw-src and, similarly to blocking scripts, adding the data-mw-cookieconsent attribute. For example, to load an iframe only when consent for statistics cookies is given, use the following syntax: 

<iframe data-mw-src="stats.example.com" data-mw-cookieconsent="statistics" />

window.cookieConsent API

[edit]

CookieConsent provides a number of functions under window.cookieConsent to interact with the consent dialog and check whether consent is given.

window.cookieConsent.openSimpleDialog()
Opens the simple (initial) consent dialog.
window.cookieConsent.openDetailedDialog()
Opens the detailed consent dialog for managing individual categories.
window.cookieConsent.isDimissed()
Whether the dialog has been dismissed before.
window.cookieConsent.isConsentGiven(categoryName)
Whether consent is given for categoryName.

PHP API

[edit]

CookieConsent provides a simple service, CookiePreferences, to programmatically check in PHP whether consent for a cookie category is given. For example: 

use MediaWiki\Extension\CookieConsent\CookieConsentService;
use MediaWiki\Extension\CookieConsent\CookiePreferences;

// True if and only if consent for "marketing" cookies is given.
$isGranted = CookieConsentServices::getCookiePreferences()->isConsentGranted( CookiePreferences::COOKIES_MARKETING );

Configuration

[edit]

Configuration parameters

[edit]

The following configuration options are available:

Configuration Default Description
$wgCookieConsentCategories 
[
    "preference" => [
        "namemsg" => "cookieconsent-category-name-preference",
        "descriptionmsg" => "cookieconsent-category-desc-preference"
    ],
    "statistics" => [
        "namemsg" => "cookieconsent-category-name-statistics",
        "descriptionmsg" => "cookieconsent-category-desc-statistics"
	],
    "marketing" => [
        "namemsg" => "cookieconsent-category-name-marketing",
        "descriptionmsg" => "cookieconsent-category-desc-marketing"
    ]
]
An associative array containing the cookie categories your wiki uses. This allows the administrator of the wiki to remove categories their wiki does not use, or add additional custom categories. It also allows the administrator to rename categories.

The key of the array is the (internal) name of the category, and the value an associative array containing the name and description of the category as displayed to the user. The array recognizes the following keys:

  • namemsg: The name of the system message containing the name of the category (note that this must be a system message defined by CookieConsent, use name if this is not possible).
  • name: The name of the category.
  • descriptionmsg: The name of the system message containing the description of the category (note that this must be a system message defined by CookieConsent, use description if this is not possible).
  • description: The description of the category.
$wgCookieConsentEnableGeolocation 
false
Whether to enable geolocation. This can be used to enable the extension only in certain countries/regions. CAUTION: This uses an external API to determine the user's location based on their IP-address. The IP-address of all users that visit your website will be sent directly to this API. This external API (configured via $wgCookieConsentGeolocationEndpoint) may have certain usage restrictions or limitations. You are responsible for following these restrictions.
$wgCookieConsentEnabledRegions 
[
	"EU",
	"AD",
	"AL",
	"AT",
	"BA",
	"BE",
	"BG",
	"BY",
	"CH",
	"CS",
	"CZ",
	"DE",
	"DK",
	"EE",
	"ES",
	"FI",
	"FO",
	"FR",
	"FX",
	"GB",
	"GI",
	"GR",
	"HR",
	"HU",
	"IE",
	"IS",
	"IT",
	"LI",
	"LT",
	"LU",
	"LV",
	"MC",
	"MD",
	"MK",
	"MT",
	"NL",
	"NO",
	"PL",
	"PT",
	"RO",
	"SE",
	"SI",
	"SJ",
	"SK",
	"SM",
	"UA",
	"VA"
]
The country codes of the countries for which to enable the extension. By default, all countries in the European Union (which fall under the GDPR) are enabled. This setting is only relevant if $wgCookieConsentEnableGeolocation is set to true.
$wgCookieConsentGeolocationEndpoint 
'http://pro.ip-api.com/json/{$IP}'
The endpoint to use for geolocation. The variable {$IP} will automatically be replaced by the user's IP-address. By default, a paid API (pro.ip-api.com) is used. This was chosen, because free API's often have strict usage restrictions and by setting those as the default, users may accidentally end up breaching those restrictions.
$wgCookieConsentGeolocationParameters 
[]
Additional query parameters to pass to the geolocation API. In particular, when using pro.ip-api.com, you must set this to the following: 
$wgCookieConsentGeolocationParameters = ['key' => '<your pro.ip-api.com API key here>'];
$wgCookieConsentGeolocationField 
"countryCode"
The field in the response from the geolocation API to read for determining the user's region.

Geolocation

[edit]

Choose a geolocation API, and follow the guide for your API.

pro.ip-api.com (default)

[edit]

To use the default (paid) API (pro.ip-api.com), you must do the following:

  1. Purchase a pro.ip-api.com membership.
  2. Create a new API key for your wiki, and store it somewhere.
  3. Configure CookieConsent to use your API key by setting $wgCookieConsentGeolocationParameters to ['key' => '<your pro.ip-api.com API key here>'].
  4. Set $wgCookieConsentEnableGeolocation to true.
  5. Done!

ip-api.com

[edit]
This API comes with certain usage restrictions, such as only allowing non-commercial websites. You are responsible for following these restrictions.

To use ip-api.com, you must do the following:

  1. Set $wgCookieConsentGeolocationEndpoint to 'http://ip-api.com/json/{$IP}'.
  2. Set $wgCookieConsentEnableGeolocation to true.
  3. Done!

ipwho.is

[edit]
This API comes with certain usage restrictions, such as only allowing non-commercial website, unless you pay. You are responsible for following these restrictions.

To use ipwho.is, you must do the following:

  1. Set $wgCookieConsentGeolocationEndpoint to 'http://ipwho.is/{$IP}'.
  2. Set $wgCookieConsentGeolocationField to country_code.
  3. Set $wgCookieConsentEnableGeolocation to true.
  4. Done!

System messages

[edit]

If you would like to change the text shown in the banner, you can edit the following pages:

  • MediaWiki:Cookieconsent-simple-dialog-content: The content of the dialog shown when the user first opens the wiki.
  • Mediawiki:Cookieconsent-detailed-dialog-intro: The top text shown in the detailed consent dialog.
  • MediaWiki:Cookieconsent-detailed-dialog-outro: The bottom text shown in the detailed consent dialog.
The messages should contain a valid link to a privacy policy to be GDPR-compliant.

Installation

[edit]
  • Download and move the extracted CookieConsent folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:
    cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/CookieConsent
  • Add the following code at the bottom of your LocalSettings.php file: 
    wfLoadExtension( 'CookieConsent' );
  • Configure as necessary to block cookies.
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
[edit]
  • Dialog shown to the user when the first visit the wiki.
    Dialog shown to the user when the first visit the wiki.
  • Dialog shown when the user want to update their consent preferences.
    Dialog shown when the user want to update their consent preferences.

Changelog

[edit]

All notable changes to the CookieConsent project will be documented here.

The format is based on Keep a Changelog, and this extension adheres to Semantic Versioning.

2.2.0 - 2025-12-23

[edit]

Added

[edit]
  • Add $wgCookieConsentGeolocationParameters to configure additional query parameters to pass to the geolocation API.

Changed

[edit]
  • Changed the default geolocation API endpoint to pro.ip-api.com to ensure that users do not accidentally use the API on a commercial website without a subscription. Using the free API (ip-api.com) is still supported for non-commercial websites.

2.1.0 - 2025-11-25

[edit]

Added

[edit]
  • Add region detection to allow administrators of a wiki to only enable the cookie warning for certain countries (T406031).
  • Add $wgCookieConsentEnableGeolocation to enable or disable region detection.
  • Add $wgCookieConsentEnabledRegions to configure for which countries/regions the extension should be enabled.
  • Add $wgCookieConsentGeolocationEndpoint and $wgCookieConsentGeolocationField to configure which API to use for geolocation.

2.0.0 - 2025-09-16

[edit]

Added

[edit]
  • Add bundlesize definition in favor of calling enableOOUI. (by Jdlrobson)

Changed

[edit]
  • BREAKING: Renamed the data-src attribute to data-mw-src for iframe elements (T404475).
  • BREAKING: Renamed the data-cookieconsent attribute to data-mw-cookieconsent for iframe and script elements (T404475).
  • Localisation updates courtesy of translatewiki.net.

Fixed

[edit]
  • Fix use of the removed Html class alias for MediaWiki 1.44. (by Universal Omega)

1.0.0 - 2025-08-26

[edit]

Changed

[edit]
  • Tweak size of the window for the initial dialog.
  • Drop PHP version requirement from Composer.

0.2.0 - 2024-11-05

[edit]

Added

[edit]
  • Event (cookie-consent-tags-processed) that fires after tags have been processed (e.g. after all iframe and script tags that depend on consent have been re-enabled).

Fixed

[edit]
  • Increase the lifespan of the cookie that remembers that the dialog has been dismissed from 1 week to 1 year.
  • Fixed responsiveness issues on mobile.

0.1.0 - 2024-10-29

[edit]

Added

[edit]
  • Simple consent dialog for accepting all cookies immediately.
  • Detailed consent dialog for managing consent preferences.
  • Support for disabling iframe and script elements until cookies are accepted.

See also

[edit]
  • Extension:CookieWarning - Provides a simpler, less intrusive, but GDPR-incompliant cookie warning at the bottom of the page.
Retrieved from "https://www.mediawiki.org/w/index.php?title=Extension:CookieConsent&oldid=8099838"