This proposal outlines the creation of a new Flarum extension to provide robust, legally compliant consent management. Built to first-party quality standards to ensure deep integration and future compatibility, it would replace the outdated fof/cookie-consent with a modern solution featuring prior-consent script blocking, granular controls, auditable server-side logging, and native Google Consent Mode v2 (GCMv2) integration. This is essential for any Flarum admin serving EU users.
The Problem: A Critical Compliance Gap
This isn't just an inconvenience; it's a critical gap that makes it difficult to operate a Flarum forum legally and effectively in the EU.
Core Goals (The MVP)
To ensure a focused and achievable MVP, this extension will not initially include:
- Automated cookie scanning.
- Advanced GCMv2 features like "Advanced Implementation" (cookieless pings).
- Geolocation-based banner display.
Proposed Technical Solution
This extension is designed to be complementary to, not a replacement for, the official flarum/gdpr extension. They address two different, but equally critical, areas of compliance:
- fof/consent (this proposal): Manages cookie consent, script blocking, and GCMv2, fulfilling requirements from the ePrivacy Directive and GDPR Art. 7 (Conditions for consent).
- flarum/gdpr: Manages user data rights, such as the Right to Access (Art. 15) and the Right to Erasure (Art. 17).
A fully compliant forum will need both extensions working together.
3. Front-End Implementation (Mithril.js)
- A new ConsentBanner component will be injected into the main App layout.
- The banner's state (isVisible, preferences) will be managed by a global app.consent state object.
- Script Management: The proposed solution is to use Flarum's Formatter extender to parse the final HTML output. Scripts identified as non-essential will have their type attribute changed to text/plain, effectively disabling them.
- Example: A script tagged with
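The script-management step described above, sketched as an added example that is not part of the proposal or of any Flarum extension. It is a plain string transform over rendered HTML rather than a Flarum Formatter extender, and the `data-consent-category` and `data-original-type` attribute names are assumptions.

```javascript
// Added example. The attribute names are assumptions, not taken from the proposal.
const CATEGORY_ATTR = 'data-consent-category'; // hypothetical category marker
const ORIGINAL_TYPE_ATTR = 'data-original-type'; // hypothetical: keeps the real type

// Opening <script ...> tag; group 1 is the raw attribute string.
// A production formatter should use a real HTML parser instead of a regex.
const SCRIPT_OPEN = /<script\b([^>]*)>/gi;

// Matches name="v", name='v' or name=v inside an attribute string.
const attrPattern = (name, flags) =>
  new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, flags);

function getAttr(attrs, name) {
  const m = attrPattern(name, 'i').exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Rewrites rendered HTML so that tagged, non-consented scripts become inert.
// `granted` is the set of categories the visitor has consented to.
function blockScripts(html, granted = new Set()) {
  return html.replace(SCRIPT_OPEN, (tag, attrs) => {
    const category = getAttr(attrs, CATEGORY_ATTR);
    // Untagged and "essential" scripts pass through unchanged.
    if (category === null || category === 'essential' || granted.has(category)) return tag;
    const type = getAttr(attrs, 'type');
    if (type !== null && type.toLowerCase() === 'text/plain') return tag; // already inert
    let rest = attrs.replace(attrPattern('type', 'gi'), '');
    // Remember the original type (e.g. "module") so it can be restored after consent.
    if (type !== null) rest += ` ${ORIGINAL_TYPE_ATTR}="${type.replace(/"/g, '&quot;')}"`;
    return `<script type="text/plain"${rest}>`;
  });
}

// Constructed sample page fragment.
const SAMPLE_HTML = [
  '<script src="/assets/forum.js"></script>',
  '<script data-consent-category="analytics" src="https://analytics.example/tag.js"></script>',
  '<script type=module data-consent-category="marketing">track();</script>',
].join('\n');

console.log(blockScripts(SAMPLE_HTML));                         // no consent yet
console.log(blockScripts(SAMPLE_HTML, new Set(['analytics']))); // analytics granted
```

When consent is granted after the page has loaded, the client has to replace each blocked element with a fresh script element carrying the restored type; changing the `type` attribute alone on an already-parsed script does not make the browser run it.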