Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat!: Decrease cookie expiration to 5 hours, only set cookie when necessary and only disable cookie if localeCookie: false is set #1487

Merged
merged 7 commits into from
Oct 30, 2024

Conversation

amannn
Copy link
Owner

@amannn amannn commented Oct 29, 2024

With this change, next-intl is now compliant with the latest GDPR requirements out of the box without any work necessary on the app developer side (see docs).

If you want to increase the cookie expiration, e.g. because you're informing users about the usage of cookies or if GDPR doesn't apply to you, you can use the maxAge attribute to do so:

// i18n/routing.tsx

import {defineRouting} from 'next-intl/routing';
 
export const routing = defineRouting({
  // ...
 
  localeCookie: {
    // Expire in one year
    maxAge: 60 * 60 * 24 * 365
  }
});

Breaking changes

  1. The maxAge attribute of the locale cookie is decreased from 1 year to 5 hours in order to be GDPR-compliant.
  2. The locale cookie is now only set when the user's language doesn't match a requested locale. E.g. a user with accept-language: 'en' will cause a cookie to be set when /de is requested to remember the preference for de. In case you've previously relied on NEXT_LOCALE to always be available, please consider reading the locale via getLocale.
  3. localeDetection: false previously ambiguously also disabled the cookie from being set. This is no longer the case. For consistency, you can now use the explicit localeCookie: false option instead.

Copy link

vercel bot commented Oct 29, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
next-intl-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 30, 2024 11:16am
next-intl-example-app-router ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 30, 2024 11:16am
next-intl-example-app-router-without-i18n-routing ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 30, 2024 11:16am

@amannn amannn changed the title feat!: Decrease cookie expiration to 5 hours and add GDPR docs feat!: Decrease cookie expiration to 5 hours and only disable cookie if localeCookie: false is set Oct 29, 2024
@amannn amannn mentioned this pull request Oct 29, 2024
6 tasks
@amannn amannn changed the title feat!: Decrease cookie expiration to 5 hours and only disable cookie if localeCookie: false is set feat!: Decrease cookie expiration to 5 hours, only set cookie when necessary and only disable cookie if localeCookie: false is set Oct 29, 2024
@amannn amannn marked this pull request as ready for review October 30, 2024 11:20
@amannn amannn merged commit b4e4d1d into v4 Oct 30, 2024
7 checks passed
@amannn amannn deleted the feat/cookie-gdpr branch October 30, 2024 11:21

Please note that legal requirements may vary by region, so it's advisable to verify them independently. While we strive to keep this information as up-to-date as possible, we cannot guarantee its accuracy.

</Details>
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jorgebef Would you by chance like to have a look if this matches your understanding?

See rendered version.

Some context: This PR includes a few changes to the cookie handling for next-intl@4 that should make the package GDPR-compliant out of the box.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant