
Add Dux active consent banner to polaris-react.shopify.com #14007


Draft: wants to merge 11 commits into base: main


matthalliday
Member

WHY are these changes introduced?

Google Analytics cookies (_ga, _ga_*, _gid) were being set immediately on page load without user consent on polaris.shopify.com, potentially violating GDPR and other privacy regulations in regions like the EU.

WHAT is this pull request doing?

Implements consent-based Google Analytics tracking using Shopify Dux to ensure GDPR compliance for the Polaris documentation site.

  • Integrated @shopify/dux (v4.4.0) for consent management with granular consent controls
  • Google Analytics now loads only after users explicitly consent to both analytics AND marketing tracking
  • Implemented the Dux <ActiveConsent> banner that appears in GDPR regions
  • Dynamic script loading ensures no tracking occurs before consent is granted
  • Currently hard-coding countryCode="GB" to force the consent banner to show everywhere for testing (could possibly be replaced with actual geo-detection from Cloudflare request headers to show only in GDPR countries)
  • Language is hard-coded to locale="en" as the site content is only available in English

Key Changes:

  • Added Dux component with granular consent configuration
  • Moved Google Analytics initialization behind consent checks via the CMP API
  • Required both hasConsentedAnalytics and hasConsentedMarketing for GA activation
  • Maintained production-only tracking for route changes to prevent development data pollution

How to 🎩

  1. Run pnpm dev in the polaris.shopify.com directory
  2. The consent banner will appear (configured for GB region by default)
  3. Verify no GA cookies exist before accepting consent (check Application > Cookies in DevTools)
  4. Accept both analytics and marketing consent
  5. Confirm GA cookies (_ga, _ga_*, _gid) are set only after consent

Impact & Risks:

  • Privacy: Full GDPR compliance with explicit user consent before any tracking
  • User Experience: Minimal - users see a consent banner (currently all users due to GB hard-coding)
  • Analytics: No impact on data quality - only consented users are tracked
  • Performance: Negligible - scripts load dynamically after consent
  • Risk: Low - follows Shopify's standard Dux consent patterns with graceful fallback
  • No breaking changes: Existing functionality remains intact
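
The consent gate and the cookie check from the 🎩 steps above, as an added JavaScript example that is not code from this pull request and does not call the Dux API. The function names are hypothetical, the consent object is assumed to carry the two flags named in the description, and the cookie strings are constructed samples.

```javascript
// Added example: findGaCookies, hasFullConsent, createGaGate and auditSnapshot
// are hypothetical names. Cookie names are the ones listed in the PR: _ga, _ga_*, _gid.
const GA_COOKIE = /^(_ga|_gid|_ga_.+)$/;

// Parse a document.cookie-style string and return the GA cookie names in it.
function findGaCookies(cookieString) {
  return cookieString
    .split(';')
    .map((pair) => pair.trim().split('=')[0])
    .filter((name) => GA_COOKIE.test(name));
}

// Both flags must be exactly true: the PR requires analytics AND marketing consent.
function hasFullConsent(consent) {
  return Boolean(consent) &&
    consent.hasConsentedAnalytics === true &&
    consent.hasConsentedMarketing === true;
}

// Wrap a loader so it runs at most once, and only after full consent.
function createGaGate(loadGa) {
  let loaded = false;
  return function onConsentChange(consent) {
    if (loaded || !hasFullConsent(consent)) return false;
    loaded = true;
    loadGa();
    return true;
  };
}

// Audit one observation: GA cookies present without full consent are violations.
function auditSnapshot(cookieString, consent) {
  const found = findGaCookies(cookieString);
  return hasFullConsent(consent) ? [] : found;
}

// Constructed sample data, not captured from the site.
const before = 'theme=dark; lang=en';
const leaked = '_ga=GA1.1.111.222; _ga_ABC123=GS1.1.1; _gid=GA1.1.333; theme=dark';
const noConsent = { hasConsentedAnalytics: false, hasConsentedMarketing: false };
const analyticsOnly = { hasConsentedAnalytics: true, hasConsentedMarketing: false };
console.log(auditSnapshot(before, noConsent));
console.log(auditSnapshot(leaked, analyticsOnly));
```

In a browser the same audit can be fed `document.cookie`, which only covers cookies that are not HttpOnly.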
