django-iubenda 1.2.7

Django application for handling privacy and cookie policies configured with Iubenda.

django-iubenda

GitHub

Test

Compliance for websites and apps

Click here and get 10% discount on first year at Iubenda

Check Demo Project

• Check the demo repo on GitHub

Requirements

• Python +3.8 supported.
• Django +3.2 supported.

Setup

1. Install from pip:

pip install django-iubenda

2. Modify settings.py by adding the app to INSTALLED_APPS:

INSTALLED_APPS = (
    "modeltranslation",
    # ...
    "iubenda",
    # ...
)

3. Modify settings.py by adding the app's context processor to TEMPLATES:

TEMPLATES = [
    {
        # ...
        "OPTIONS": {
            "context_processors": [
                # ...
                "iubenda.context_processors.iubenda",
                # ...
            ],
        },
    },
]

4. Be sure the Django's Locale middleware is enabled inside settings.py:

MIDDLEWARE = (
    # ...
    "django.middleware.locale.LocaleMiddleware",
    # ...
)

5. Modify url.py by adding the app's urls to urlpatterns:

urlpatterns += [
    path("", include("iubenda.urls")),
]

6. Modify url.py by adding the app's sitemaps to sitemaps:

from iubenda.sitemaps import PrivacySitemap, CookieSitemap

sitemaps = {
    # ...
    "privacy": PrivacySitemap,
    "cookie": CookieSitemap,
    # ...
}

7. Be sure the variable LANGUAGE_CODE is available for HTML templates:

{% load i18n %}
{% get_current_language as LANGUAGE_CODE %}

8. Modify your project's template to add privacy and cookie policies. For example inside the footer.html add following code:

{% if not debug %}
    {% block iubenda %}{% include "iubenda/include-content.html" %}{% endblock iubenda %}
{% endif %}

Optional

Content Security Policy

If Content Security Policy are implemented in your server and inline scripts are disabled, the variable IUBENDA_CSP_NONCE can be set with nonce tag will be inserted script's nonce.

<script type="text/javascript" {% if cx_iubenda_nonce %}nonce="{{ cx_iubenda_nonce }}"{% endif %}>

Inside your webserver's configurations, a rule to dynamically replace your CONSTANT nonce in a random string is needed.

To allow external source from Iubenda domains, please implement these rules:

Content-Security-Policy:
    script-src-elem https://*.iubenda.com";
    img-src https://*.iubenda.com data:";
    style-src https://*.iubenda.com";
    connect-src https://*.iubenda.com";
    frame-src https://*.iubenda.com";

If you prefer to not allow unsafe-inline inside your CSP, please also add the two specific hash for your script prompted as error in Javascript Console.

# Iubenda Privacy And Cookie Policy - API
Content-Security-Policy:
    ...
    script-src-elem https://*.iubenda.com 'sha256-YOUR-FIRST-HASH-PROMPTED-INSIDE-CONSOLE' 'sha256-YOUR-SECOND-HASH-PROMPTED-INSIDE-CONSOLE';
    ...

Check this article from Iubenda help

Iubenda's Options

(To-Do: new feuture)

To personalize the Iubenda script behaviour, the dict IUBENDA_OPTIONS can be configured inside settings.py

IUBENDA_OPTIONS = {
    "ccpaAcknowledgeOnDisplay": "true",
    "ccpaApplies": "true",
    "consentOnContinuedBrowsing": "false",
    "enableCcpa": "true",
    "floatingPreferencesButtonDisplay": "bottom-left",
    "invalidateConsentWithoutLog": "true",
    "perPurposeConsent": "true",
    "whitelabel": "false",
    "banner": {
        "acceptButtonDisplay": "true",
        "backgroundOverlay": "true",
        "closeButtonRejects": "true",
        "customizeButtonDisplay": "true",
        "explicitWithdrawal": "true",
        "fontSize": "14px",
        "listPurposes": "true",
        "position": "float-center",
        "rejectButtonDisplay": "true",
    },
}

Run Example Project

git clone --depth=50 --branch=django-iubenda https://github.com/DLRSP/example.git DLRSP/example
cd DLRSP/example
python manage.py runserver

Now browser the app @ http://127.0.0.1:8000