At the moment Discourse embed YouTube videos with the standard URL. However, Grav rewrites URLs automatically so that it uses the YouTube privacy enhanced mode. Which doesn’t store tracking cookies when people do not play the video. This feature makes cookie/privacy policies a bit easier to write. Is this something Discourse can introduce as well?
Below is a snippet of what Grav automatically generates when inserting a YouTube video into a page. More info about this Grav plugin here.
<div class="grav-youtube-wrapper ">
<iframe src="https://www.youtube-nocookie.com/embed/th5KmL-tTI0?cc_load_policy=1&color=white&modestbranding=1&rel=0" frameborder="0" allowfullscreen></iframe>
This is still an issue with European data protection agencies focusing on everything Google.
Would it be an idea to just change the Youtube oneboxing code to always use
youtube-nocookie.com instead of
Would you be accepting a PR for this? @codinghorror @sam ?
We have considered this in the past, but it will have a negative impact on the UX. youtube-nocookie.com doesn’t link viewing activity to your YouTube account, so things like viewing history, recommendations, etc. will stop working.
Note that our YouTube onebox implementation only loads youtube iframe after the user clicks on the thumbnail, so cookies will not be set unless the user interacts with the embed.
That said, adding support for youtube-nocookie.com behind a site setting (or maybe… via a theme component - I think it should be possible ) would likely be welcome.
A PR is always welcome! Especially if it is a setting. Thank you!