Module: Controllers::TrackingDetection

Extended by:

ActiveSupport::Concern

Included in:

ApplicationController, Www::CatalogController, Www::ProductsController

Defined in:

app/concerns/controllers/tracking_detection.rb

Overview

Bot detection and GDPR tracking controls

Provides methods for determining if a request should be tracked,
or blocked as a bot.

Usage:

In before_action

before_action :prevent_bots

In view for conditional tracking

<% if track_visitor? %>
<%= render_analytics %>
<% end %>

See: Tracking::Tracker for implementation details

Instance Method Summary

• #bot_request? ⇒ Boolean

  Check if request is from a known bot/crawler.

• #gdpr_country? ⇒ Boolean

  Is the user's country subject to GDPR policy?.

• #gdpr_country_data ⇒ Object

  Make GDPR country status available to client-side JavaScript.

• #prevent_bots ⇒ Object

  Block bots from accessing protected resources Use as before_action for actions that shouldn't be accessed by bots.

• #set_tracking_cookie ⇒ Object

  Set dnt2 cookie based on server-side tracking conditions This ensures edge-cached pages respect non-GDPR exclusion conditions.

• #track_visitor? ⇒ Boolean

  Check if visitor should be tracked (respects GDPR, internal IPs, bots, etc.).

Instance Method Details

#bot_request? ⇒ Boolean

Check if request is from a known bot/crawler

Returns:

• (Boolean)

# File 'app/concerns/controllers/tracking_detection.rb', line 27

def bot_request?
  Tracking::Tracker.bot_request?(request)
end

#gdpr_country? ⇒ Boolean

Is the user's country subject to GDPR policy?

Returns:

• (Boolean)

# File 'app/concerns/controllers/tracking_detection.rb', line 37

def gdpr_country?
  Tracking::Tracker.gdpr_country?(request)
end

#gdpr_country_data ⇒ Object

Make GDPR country status available to client-side JavaScript

# File 'app/concerns/controllers/tracking_detection.rb', line 42

def gdpr_country_data
  is_gdpr = gdpr_country?
  content_tag(:script, "window.isGdprCountry = #{is_gdpr};".html_safe)
end

#prevent_bots ⇒ Object

Block bots from accessing protected resources
Use as before_action for actions that shouldn't be accessed by bots

# File 'app/concerns/controllers/tracking_detection.rb', line 61

def prevent_bots
  return if Rails.env.test? # System tests (Playwright) appear as bots; skip in test
  return unless bot_request?

  msg = "Bot request detected and blocked: #{request.user_agent}"
  ErrorReporting.info(msg)
  head :forbidden
  nil
end

#set_tracking_cookie ⇒ Object

Set dnt2 cookie based on server-side tracking conditions
This ensures edge-cached pages respect non-GDPR exclusion conditions

# File 'app/concerns/controllers/tracking_detection.rb', line 49

def set_tracking_cookie
  return if request.cookies['dnt2'].present?
  return if Rails.env.development?

  should_not_track = !track_visitor?
  return unless should_not_track

  cookies['dnt2'] = { value: 'true', path: '/', expires: 1.year.from_now }
end

#track_visitor? ⇒ Boolean

Check if visitor should be tracked (respects GDPR, internal IPs, bots, etc.)

Returns:

• (Boolean)

# File 'app/concerns/controllers/tracking_detection.rb', line 32

def track_visitor?
  Tracking::Tracker.track_visitor?(request:)
end