Awesome Open Source
Awesome Open Source


Gem Version Build Status Code Climate Dependency Status Coverage Status Inline docs

This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive' whereby a user needs to provide implied consent before any data can be stored on his machine.


Add this line to your application's Gemfile:

gem 'rack-policy'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rack-policy


By default when the Rack application is loaded no cookies will be set(provided no session cookies already exist), and any existing session cookies will be destroyed. Throughout the request cycle cookies now won't be set until the user has given explicit consent. This can be controlled by setting consent token

Rack::Policy::CookieLimiter, consent_token: 'allow_me'

The very same consent_token is used to toggle the limiter behaviour.

The cookies_accepted? view helper method is automatically loaded for Rails, Sinatra & Padrino apps.


Adding Rack::Policy::CookieLimiter to Rack applications

Rails 3.x

# config/application.rb
require 'rack/policy'

class Application < Rails::Application
  config.middleware.insert_before ActionDispatch::Cookies, Rack::Policy::CookieLimiter, consent_token: 'rack.policy'

And then in your custom controller create actions responsible for setting and unsetting cookie policy

class CookiePolicyController < ApplicationController

  def allow
    response.set_cookie 'rack.policy', {
      value: 'true',
      path: '/',
      expires: 1.year.from_now.utc
    render nothing: true

  def deny
    response.delete_cookie 'rack.policy'
    render nothing: true

Finally, in your view you can use helper method cookies_accepted? to display/toggle cookie information

<% cookies_accepted? do %>
  Accepted Cookies!
<% end %>


<% if cookies_accepted? %>
  Accepted Cookies!
<% else %>
  Cookies Not Accepted!
<% end %>

Rails 2.x

# config/environment do |config|
  require 'rack/policy'
  config.middleware.insert_before Rack::Lock, Rack::Policy::CookieLimiter, consent_token: 'rack.policy'

Set and unset cookie consent in your controller and modify views logic in similar way to Rails 3.x example.


For classic style sinatra application do

#!/usr/bin/env ruby -rubygems
require 'sinatra'
require 'rack/policy'

configure do
  use Rack::Policy::CookieLimiter, consent_token: 'rack.policy'

get('/') { "Allow cookies to be set? <a href='/allow'>Allow</a>" }

get('/allow') { response.set_cookie 'rack.policy' }

get('/deny') { response.delete_cookie 'rack.policy' }

Similiar to Rails 3.x example you can use cookies_accpeted? helper to manage view logic related to cookie policy information.


#!/usr/bin/env ruby -rubygems
require 'padrino'
require 'rack/policy'

class MyApp < Padrino::Application
  use Rack::Policy::CookieLimiter, consent_token: 'rack.policy'


#!/usr/bin/env rackup
require 'rack/policy'

use Rack::Policy::CookieLimiter, consent_token: 'rack.policy'

run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }


  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.


Copyright (c) 2012-2016 Piotr Murach. See LICENSE for further details.

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
ruby (12,328
rails (647
cookie (66
sinatra (44

Find Open Source By Browsing 7,000 Topics Across 59 Categories