TacJS
GDPR-compliant cookie consent management for Drupal using the tarteaucitron.js JavaScript library.
tacjs
Install
composer require 'drupal/tacjs:^7.0'
composer require 'drupal/tacjs:8.x-6.7'
Overview
TacJS integrates the popular tarteaucitron.js library to help Drupal websites comply with the European cookie law (GDPR). The module provides a customizable cookie consent banner that allows visitors to selectively accept or reject third-party services such as analytics, advertising, social media widgets, and embedded videos.
The module offers a comprehensive admin interface organized into three configuration tabs: Manage Dialog (banner appearance and behavior), Add Services (enable/configure individual third-party services), and Edit Texts (customize all user-facing text labels). All texts support token replacement for dynamic content.
TacJS supports hundreds of third-party services out-of-the-box including Google Analytics, Google Tag Manager, Facebook Pixel, YouTube, Vimeo, Dailymotion, Twitter, LinkedIn, and many more advertising, analytics, social, and video services. Each service can be individually enabled, configured per language, and customized with additional information links.
Features
- GDPR-compliant cookie consent banner with customizable appearance and position
- Support for 100+ pre-configured third-party services across advertising, analytics, social media, video, comments, support, and API categories
- Multi-language support with automatic detection and per-service language restrictions
- Customizable consent dialog texts with token support for dynamic content
- High privacy mode that disables auto-consent and requires explicit user action
- Browser Do Not Track (DNT) request handling
- Configurable cookie expiration period (1-365 days)
- Floating cookie management icon for returning visitors to modify their preferences
- Service grouping by category for cleaner consent panel organization
- Proof of consent logging via optional submodule (TacJS Log)
- Remote media integration with cookie consent for YouTube, Vimeo, and Dailymotion embeds via optional submodule (TacJS Media)
- Experimental feature to generate optimized JavaScript files containing only active services
- Extensible via hooks for adding custom third-party services
Use Cases
Basic GDPR Cookie Consent
Install TacJS and the tarteaucitron library, then configure the banner position and appearance. Enable high privacy mode to require explicit consent. The cookie banner will automatically appear on all non-admin pages.
Google Analytics with Cookie Consent
Enable the 'Google Analytics' service in the Add Services tab. Enter your GA tracking ID in the field that appears. Visitors must consent before GA scripts load and tracking begins.
YouTube Videos with Consent
Enable the TacJS Media submodule and the 'YouTube' service. Configure video fields to use the 'oEmbed content (TacJS integration)' formatter. Embedded YouTube videos will show a consent placeholder until visitors allow the video service.
Multi-language Cookie Consent
Configure different services for different languages by checking specific language boxes in each service's configuration. Customize consent texts for each language via the configuration translation system.
Consent Proof for Audits
Enable the TacJS Log submodule to record consent events. View the Overview tab to see all consent records with timestamps and IP addresses for GDPR compliance auditing.
Custom Third-Party Service
Implement hook_tacjs_content_alter() to add your custom service to the configuration form, then implement hook_tacjs_services_alter() to provide the JavaScript implementation. Your service will appear in the Add Services tab.
Tips
- Enable High Privacy mode for GDPR compliance - this disables implicit consent through scrolling or clicking
- Clear Drupal caches after enabling/disabling services if using the experimental active services JavaScript generation feature
- Use the hashtag feature (#tarteaucitron by default) to let visitors access cookie settings from any page via URL
- Grant the 'Administer TacJS' permission only to trusted administrators as it allows unfiltered text input
- Configure cookie expiration to balance user experience with privacy requirements - 365 days is the default
- Use the Token module integration to include dynamic site information in consent texts
Technical Details
Admin Pages 4
/admin/config/system/tacjs/manage-dialog
Configure the cookie consent banner appearance, behavior, and advanced settings. This is the primary configuration page for controlling how the consent dialog is displayed to visitors.
/admin/config/system/tacjs/add-services
Enable and configure individual third-party services for cookie consent management. Services are organized by category (ads, analytics, social, video, comments, support, API, other).
/admin/config/system/tacjs/edit-texts
Customize all user-facing text labels displayed in the cookie consent banner and management panel. All fields support Drupal tokens for dynamic content.
/admin/config/system/tacjs/overview
View stored proof of consent records including timestamps, IP addresses, and services allowed. Requires the TacJS Log submodule to be enabled.
Permissions 1
Hooks 2
hook_tacjs_content_alter
Allows modules to inject custom third-party services into the TacJS configuration form. Use this hook to add services not included in the default tarteaucitron.js library.
hook_tacjs_services_alter
Allows modules to inject custom service JavaScript definitions that will be included in the generated active services file. Use this hook to provide the actual tarteaucitron.js service implementation code.
Security Notes 3
- The 'Administer TacJS' permission allows entering unfiltered text that is output to visitors. Only grant this permission to fully trusted administrators to prevent XSS attacks.
- Consent logs in TacJS Log submodule store visitor IP addresses. Ensure your privacy policy discloses this data collection and implement appropriate data retention policies.
- Service-specific identifiers (like tracking IDs) are stored in configuration and passed to the browser. These are not secrets but consider the privacy implications.