npm - @eturnity/eturnity_reusable_components - Versions diffs - 9.19.1 → 9.19.2 - Mend

@eturnity/eturnity_reusable_components 9.19.1 → 9.19.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +97 -0
package/dist/eturnity-consent-bridge.md +207 -0
package/dist/eturnity-consent-bridge.min.js +1 -0
package/package.json +10 -3
package/src/components/modals/cookieConsent/CookieConsent.vue +3 -15
package/src/helpers/cookieHelper.js +205 -18
package/src/utils/eturnity-consent-bridge.js +541 -0

package/README.md CHANGED Viewed

@@ -115,3 +115,100 @@ https://docs.npmjs.com/about-semantic-versioning
 npm publish
 ```
+## Provided assets release flow (per-asset version tags)
+Customers load provided files from jsDelivr using stable tag-based URLs:
+```html
+<script src="https://cdn.jsdelivr.net/npm/@eturnity/eturnity_reusable_components@latest-consent-bridge/dist/eturnity-consent-bridge.min.js"></script>
+```
+Consent bridge integration documentation is maintained in `docs/eturnity-consent-bridge.md` and published to:
+```text
+https://cdn.jsdelivr.net/npm/@eturnity/eturnity_reusable_components@latest-consent-bridge/dist/eturnity-consent-bridge.md
+```
+Provided files and docs are configured in `provided-assets.config.js`. Script and doc entries can both define their own `versionTag` (for example `latest-consent-bridge`). Because customers keep these URLs unchanged, we update what they receive by moving those npm dist-tags to a published package version.
+### Build and publish behavior
+- `npm run build` runs `vite build` (library), `npm run build:provided-files` (JS CDN bundles), and `npm run copy:provided-docs` (published docs).
+- `npm run build:provided-files` builds files listed in `provided-assets.config.js` into `dist/*.min.js`.
+- `npm run copy:provided-docs` copies docs listed in `provided-assets.config.js` into `dist/*.md`.
+- `npm run verify:provided-files` checks expected provided files exist in `dist/` and are non-empty.
+- `npm run verify:provided-docs` checks expected provided docs exist in `dist/` and are non-empty.
+- `prepack` and `prepublishOnly` run both verification steps to reduce broken publish risk.
+### Standard release steps
+1. Publish a new immutable npm version:
+```bash
+npm publish
+```
+2. Optional: promote provided-asset tag(s) so customer script/doc URLs point to that version.
+Use this only if you want to update what customers receive from stable CDN tag URLs:
+Script options (`--dry-run`, `--version=…`, `--name=…`, and combinations)
+```bash
+# Preview planned commands only (no npm dist-tag, no registry wait, no cache purge, no CDN verification).
+npm run promote:provided-files-tag -- --dry-run
+```
+```bash
+# Promote all configured promotable assets to package.json version.
+npm run promote:provided-files-tag
+```
+```bash
+# Promote all configured promotable assets to a specific published version.
+npm run promote:provided-files-tag -- --version=9.16.0
+```
+```bash
+# Promote one specific promotable asset by name (uses package.json version).
+npm run promote:provided-files-tag -- --name=eturnity-consent-bridge
+```
+```bash
+# Promote one specific promotable asset by name to a specific version.
+npm run promote:provided-files-tag -- --name=eturnity-consent-bridge --version=9.16.0
+```
+When promotion is used, the script:
+1. updates npm dist-tag(s) for selected promotable asset(s)
+2. waits until npm registry serves updated dist-tag value(s)
+3. purges jsDelivr cache for selected promotable asset(s)
+4. verifies CDN serves promoted version bytes
+Optional tuning via environment variables:
+- `PROMOTE_TAG_REGISTRY_RETRIES` (default `24`)
+- `PROMOTE_TAG_REGISTRY_INTERVAL_MS` (default `5000`)
+- `PROMOTE_TAG_VERIFY_RETRIES` (default `12`)
+- `PROMOTE_TAG_VERIFY_INTERVAL_MS` (default `5000`)
+### Optional rollback (re-point customer URL to older stable package)
+If a promoted version is broken, you can optionally promote a previously published version:
+```bash
+npm run promote:provided-files-tag -- --version=<older-published-version>
+```
+```bash
+# Roll back only one promotable asset tag.
+npm run promote:provided-files-tag -- --name=eturnity-consent-bridge --version=<older-published-version>
+```
+Example:
+```bash
+npm run promote:provided-files-tag -- --version=9.15.2
+```

package/dist/eturnity-consent-bridge.md ADDED Viewed

@@ -0,0 +1,207 @@
+# eturnityConsentBridge
+Lightweight browser bridge for synchronizing consent-related cookie payloads between a host page and an embedded Eturnity iframe via `postMessage`.
+## Overview
+`eturnityConsentBridge` is a public browser/CDN script that exposes a global function:
+- `window.eturnityConsentBridge(...)`
+- `eturnityConsentBridge(...)`
+It is designed for third-party embedding on customer websites and supports multiple bridge instances (multiple iframes) on the same page.
+## Features
+- Global API for plain HTML and JavaScript-based script injection flows
+- Safe message routing per iframe instance using `event.source` and origin checks
+- Idempotent initialization for repeated calls with the same iframe ID
+- Non-throwing input validation (returns `null` on invalid init input)
+- Cookie fallback persistence and replay on iframe sync-ready handshake
+- Optional debug logging with `logs: true`
+- Lifecycle helpers: per-instance and global cleanup
+## Installation
+### 1) CDN script tag
+```html
+<script src="https://ABSOLUTE_CDN_LINK/eturnity-consent-bridge.min.js"></script>
+```
+### 2) Dynamic script injection
+```js
+const script = document.createElement('script')
+script.src = 'https://ABSOLUTE_CDN_LINK/eturnity-consent-bridge.min.js'
+script.async = true
+script.addEventListener('load', () => {
+  window.eturnityConsentBridge('my-iframe-id', { type: 'solar_calculator' })
+}, { once: true })
+document.body.appendChild(script)
+```
+## Usage
+After the script is loaded, initialize per iframe:
+```js
+eturnityConsentBridge('my-iframe-id', {
+  type: 'solar_calculator',
+  logs: false,
+})
+```
+Initialization returns:
+- instance object on success
+- `null` when validation fails
+The iframe can be missing at init time; the bridge will keep trying to resolve it during message handling.
+## Message Contract
+All message names are namespaced by selected `type`:
+- `eturnity_<type>_cookie_sync_ready` (iframe -> host)
+- `eturnity_<type>_cookie_fallback` (iframe -> host)
+- `eturnity_<type>_cookie_delete` (iframe -> host)
+- `eturnity_<type>_cookie_sync` (host -> iframe)
+### Payloads
+- `cookie_fallback` payload:
+  - `{ cookieName: string, cookieValue: string }`
+- `cookie_delete` payload:
+  - `{ cookieName: string }`
+- `cookie_sync` payload for set/update replay:
+  - `{ cookieName: string, cookieValue: string }`
+- `cookie_sync` payload for delete replay:
+  - `{ cookieName: string, isDeleted: true }`
+`isDeleted: true` is the delete marker for iframe listeners.
+### Replay lifecycle (important)
+Stored cookie replay can be triggered in two safe ways:
+- **on init**: right after bridge initialization (`eturnityConsentBridge(...)`)
+- **on handshake**: when iframe sends `eturnity_<type>_cookie_sync_ready`
+The init replay exists to avoid reload race conditions where the iframe handshake might be sent before the host bridge is fully attached.
+Delete events are also synchronized: when iframe sends `eturnity_<type>_cookie_delete`, host removes that entry from its cache and then emits `eturnity_<type>_cookie_sync` with `{ cookieName, isDeleted: true }`.
+## API
+### `eturnityConsentBridge(iframeId, options)`
+Creates or updates a bridge instance for a target iframe.
+- **`iframeId`**: `string` (required)
+  - Accepts values with or without leading `#`
+- **`options`**: `object` (required)
+  - See [Options](#options)
+**Returns**
+- `BridgeInstance` on success
+- `null` on invalid input
+### `eturnityConsentBridge.destroy(iframeId)`
+Destroys one bridge instance.
+- Returns `true` if an instance was removed, otherwise `false`.
+### `eturnityConsentBridge.destroyAll()`
+Destroys all bridge instances and removes the shared `message` listener when no instances remain.
+### `BridgeInstance.destroy()`
+Returned instance includes `destroy()` to remove itself.
+## Options
+```ts
+type BridgeOptions = {
+  type: 'solar_calculator' | 'heating_calculator' | 'e_mobility_configurator'
+  logs?: boolean
+}
+```
+- **`type`** (required): selects internal message/cookie namespace
+- **`logs`** (optional, default `false`): enables verbose console logging for this instance
+Unknown option keys are ignored.
+## Examples
+### Basic
+```html
+<iframe id="eturnity-solar" src="https://example-iframe-host/path"></iframe>
+<script src="https://ABSOLUTE_CDN_LINK/eturnity-consent-bridge.min.js"></script>
+<script>
+  eturnityConsentBridge('eturnity-solar', { type: 'solar_calculator' })
+</script>
+```
+### Multiple iframes on one page
+```js
+eturnityConsentBridge('solar-iframe', { type: 'solar_calculator' })
+eturnityConsentBridge('heating-iframe', { type: 'heating_calculator', logs: true })
+```
+### Re-initialize same iframe (idempotent update)
+```js
+eturnityConsentBridge('solar-iframe', { type: 'solar_calculator', logs: false })
+eturnityConsentBridge('solar-iframe', { type: 'solar_calculator', logs: true }) // updates existing instance
+```
+### Cleanup
+```js
+const instance = eturnityConsentBridge('solar-iframe', { type: 'solar_calculator' })
+instance && instance.destroy()
+eturnityConsentBridge.destroy('heating-iframe')
+eturnityConsentBridge.destroyAll()
+```
+## Troubleshooting
+### `Missing iframe id` or `Invalid options.type`
+- Ensure `iframeId` is a non-empty string.
+- Ensure `options.type` is one of:
+  - `solar_calculator`
+  - `heating_calculator`
+  - `e_mobility_configurator`
+### `Iframe ... was not found during initialization`
+- Verify iframe ID matches exactly.
+- If iframe is rendered later, you can initialize early; bridge resolves context again during runtime.
+### `Could not resolve iframe origin`
+- Ensure iframe has a valid `src` URL.
+### `Ignoring ... due to origin mismatch`
+- Host and iframe messaging origins must match the iframe `src` origin resolved by the bridge.
+### Why replay may happen before `cookie_sync_ready`
+- This is expected behavior: replay on init is intentional and does not depend on handshake timing.
+- In some page-load orders, the iframe can emit `cookie_sync_ready` before the host bridge listener is attached; in that case you may not see a handshake log.
+- This does not break integration: the iframe consumes `eturnity_<type>_cookie_sync` messages directly, and `cookie_sync_ready` is only a replay signal from iframe to host.
+### Cookie warning on non-HTTPS host
+- The bridge writes cookies with `Secure`; on non-HTTPS pages browsers may reject persistence.
+- Use HTTPS in production embedding environments.

package/dist/eturnity-consent-bridge.min.js ADDED Viewed

@@ -0,0 +1 @@

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@eturnity/eturnity_reusable_components",
-  "version": "9.19.1",
+  "version": "9.19.2",
   "files": [
     "dist",
     "src"
@@ -10,7 +10,13 @@
   "private": false,
   "scripts": {
     "dev": "vite",
-    "build": "vite build",
+    "build": "vite build && npm run build:provided-files && npm run copy:provided-docs",
+    "build:provided-files": "node scripts/build-provided-files.js",
+    "verify:provided-files": "node scripts/verify-provided-files.js",
+    "copy:provided-docs": "node scripts/copy-provided-docs.js",
+    "verify:provided-docs": "node scripts/verify-provided-docs.js",
+    "purge:provided-files-cache": "node scripts/purge-provided-files-cache.js",
+    "promote:provided-files-tag": "node scripts/promote-provided-files-tag.js",
     "lint": "vue-cli-service lint",
     "storybook": "storybook dev -p 6006",
     "build-storybook": "storybook build",
@@ -18,7 +24,8 @@
     "test": "jest",
     "test-coverage": "jest --coverage",
     "merge-remote-master": "node scripts/merge-remote-master.js",
-    "prepublishOnly": "npm run test && npm run build"
+    "prepack": "npm run verify:provided-files && npm run verify:provided-docs",
+    "prepublishOnly": "npm run test && npm run build && npm run verify:provided-files && npm run verify:provided-docs"
   },
   "peerDependencies": {
     "vue": "^3.0.0",

package/src/components/modals/cookieConsent/CookieConsent.vue CHANGED Viewed

@@ -40,7 +40,7 @@
   import IconComponent from '../../icon'
   import ToggleComponent from '../../inputs/toggle'
   import MainButton from '../../buttons/mainButton'
-  import { saveCookieConsent } from '../../../helpers/cookieHelper'
+  import { getCookieValue, saveCookieConsent } from '../../../helpers/cookieHelper'
   const ModalContainer = styled.div`
     box-sizing: border-box;
@@ -155,7 +155,7 @@
     },
     methods: {
       loadCookieState() {
-        const cookieValue = this.getCookieValue('cookieConsent')
+        const cookieValue = getCookieValue('cookieConsent')
         if (cookieValue) {
           try {
             const cookieData = JSON.parse(cookieValue)
@@ -186,18 +186,6 @@
         })
         return filtered
       },
-      getCookieValue(cookieName) {
-        const name = cookieName + '='
-        const decodedCookie = decodeURIComponent(document.cookie)
-        const cookieArray = decodedCookie.split(';')
-        for (let i = 0; i < cookieArray.length; i++) {
-          let cookie = cookieArray[i].trim()
-          if (cookie.indexOf(name) === 0) {
-            return cookie.substring(name.length, cookie.length)
-          }
-        }
-        return null
-      },
       isToggleChecked(choice) {
         // Check if the option is required - if so, always return true
         const option = this.toggleOptions.find((opt) => opt.choice === choice)
@@ -220,7 +208,7 @@
           return
         }
-        const cookieValue = this.getCookieValue('cookieConsent')
+        const cookieValue = getCookieValue('cookieConsent')
         if (cookieValue) {
           try {

package/src/helpers/cookieHelper.js CHANGED Viewed

@@ -1,29 +1,216 @@
-export function saveCookieConsent(categories) {
-  // Create cookie data object with categories, timestamp, and consent_given
-  const cookieData = {
-    categories,
-    timestamp: new Date().toISOString(),
-    consent_given: true
+export function isRunningInIframe() {
+  return typeof window !== 'undefined' && window.self !== window.top
+}
+// ---------------------------------------------------------------------------
+// Iframe cookie sync (parent page ↔ iframe)
+//
+// In an iframe, cookies may not be readable right after normal document.cookie = STRING
+// (ITP / third-party restrictions). We mirror the intended value in
+// syncedCookieFallback so getCookieValue() returns it immediately;
+// the host receives `eturnity_<consentBridgeAppType>_cookie_fallback` via postMessage
+// to persist and echo `eturnity_<consentBridgeAppType>_cookie_sync`.
+// On load, the parent's replay also fills syncedCookieFallback via that message.
+// ---------------------------------------------------------------------------
+const syncedCookieFallback = {}
+let cookieSyncListenerAttachedToParent = false
+let consentBridgeAppType = null
+let parentCookieSyncOrigin = null
+function hasKnownParentCookieSyncOrigin() {
+  const hasKnownOrigin = typeof parentCookieSyncOrigin === 'string' && parentCookieSyncOrigin.trim() !== ''
+  if (!hasKnownOrigin) {
+    console.warn('[cookieHelper] Cannot sync cookie to parent: origin unknown. Skipping.')
+  }
+  return hasKnownOrigin
+}
+function readSyncedCookieFallback(cookieName) {
+  if (!cookieName || typeof cookieName !== 'string') return null
+  return Object.prototype.hasOwnProperty.call(syncedCookieFallback, cookieName)
+    ? syncedCookieFallback[cookieName]
+    : null
+}
+function clearSyncedCookieFallback(cookieName) {
+  if (!cookieName || typeof cookieName !== 'string') return
+  if (Object.prototype.hasOwnProperty.call(syncedCookieFallback, cookieName)) {
+    delete syncedCookieFallback[cookieName]
   }
+}
+function saveSyncedCookieFallback(cookieName, cookieValue) {
+  if (!cookieName || typeof cookieName !== 'string') return
+  syncedCookieFallback[cookieName] = cookieValue
+}
+function getParentOriginFromReferrer() {
+  if (typeof document === 'undefined' || !document.referrer) return null
+  try {
+    return new URL(document.referrer).origin
+  } catch (_) {
+    return null
+  }
+}
+function getCookieAttributes() {
+  const sameSite = isRunningInIframe() ? 'None' : 'Lax'
+  let attributes = `path=/; sameSite=${sameSite}`
+  if (window.location.protocol === 'https:') {
+    attributes += '; Secure'
+  }
+  return attributes
+}
+export function setupParentCookieSyncListener(options = {}) {
+  if (typeof window === 'undefined' || !isRunningInIframe()) return
+  consentBridgeAppType = typeof options?.consentBridgeAppType === 'string' ? options.consentBridgeAppType : null
+  const onCookieSync = typeof options?.onCookieSync === 'function' ? options.onCookieSync : null
+  parentCookieSyncOrigin =
+    typeof options?.parentOrigin === 'string' && options.parentOrigin.trim()
+      ? options.parentOrigin.trim()
+      : getParentOriginFromReferrer()
+  if (consentBridgeAppType && !cookieSyncListenerAttachedToParent) {
+    window.addEventListener('message', (event) => {
+      if (
+        event.source !== window.parent ||
+        !hasKnownParentCookieSyncOrigin() ||
+        event.origin !== parentCookieSyncOrigin ||
+        !event.data ||
+        event.data.type !== `eturnity_${consentBridgeAppType}_cookie_sync`
+      ) {
+        return
+      }
+      const payload = event.data.payload || {}
+      if (!payload.cookieName || typeof payload.cookieName !== 'string') return
+      if (payload.isDeleted === true) {
+        clearSyncedCookieFallback(payload.cookieName)
+      } else if (typeof payload.cookieValue === 'string') {
+        saveSyncedCookieFallback(payload.cookieName, payload.cookieValue)
+      }
+      if (typeof onCookieSync === 'function') {
+        onCookieSync(payload)
+      }
+    })
+    cookieSyncListenerAttachedToParent = true
+  }
+  // Tell the parent it can start sending sync messages (optional handshake for embed integrations).
+  if (
+    hasKnownParentCookieSyncOrigin() &&
+    window.parent &&
+    typeof window.parent.postMessage === 'function'
+  ) {
+    window.parent.postMessage(
+      { type: `eturnity_${consentBridgeAppType}_cookie_sync_ready` },
+      parentCookieSyncOrigin
+    )
+  }
+}
+function getRawCookieValue(cookieName) {
+  const name = `${cookieName}=`
+  const decodedCookie = decodeURIComponent(document.cookie)
+  const cookieArray = decodedCookie.split(';')
+  for (let i = 0; i < cookieArray.length; i++) {
+    const cookie = cookieArray[i].trim()
+    if (cookie.indexOf(name) === 0) {
+      return cookie.substring(name.length, cookie.length)
+    }
+  }
+  return null
+}
+export function getCookieValue(cookieName) {
+  const rawCookieValue = getRawCookieValue(cookieName)
+  if (rawCookieValue !== null) {
+    return rawCookieValue
+  }
+  return readSyncedCookieFallback(cookieName)
+}
+export function setCookieWithThirdPartyFallback(cookieName, cookieValue) {
+  // If the cookie value is not immediately readable after
+  // document.cookie = cookieStr (common in third-party iframes), we keep the intended
+  // value in syncedCookieFallback and notify the parent to persist it.
+  if (!cookieName || typeof cookieName !== 'string' || typeof cookieValue !== 'string') return
-  const cookieString = JSON.stringify(cookieData)
   const expiryDate = new Date()
   expiryDate.setMonth(expiryDate.getMonth() + 6)
+  let cookieStr = `${cookieName}=${encodeURIComponent(
+    cookieValue
+  )}; expires=${expiryDate.toUTCString()}; ${getCookieAttributes()}`
-  let cookieStr = `cookieConsent=${encodeURIComponent(
-    cookieString
-  )}; expires=${expiryDate.toUTCString()}; path=/`
+  document.cookie = cookieStr
+  let storedCookie = getRawCookieValue(cookieName)
-  const isEmbedded = window.self !== window.top
-  const isHttps = window.location.protocol === 'https:'
+  if (
+    storedCookie !== cookieValue &&
+    isRunningInIframe() &&
+    hasKnownParentCookieSyncOrigin() &&
+    window.parent &&
+    typeof window.parent.postMessage === 'function'
+  ) {
+    saveSyncedCookieFallback(cookieName, cookieValue)
+    if (consentBridgeAppType) {
+      window.parent.postMessage(
+        {
+          type: `eturnity_${consentBridgeAppType}_cookie_fallback`,
+          payload: {
+            cookieName,
+            cookieValue
+          }
+        },
+        parentCookieSyncOrigin
+      )
+    }
+    storedCookie = getCookieValue(cookieName)
+  }
-  const sameSite = (isEmbedded && isHttps) ? 'None' : 'Lax'
-  cookieStr += `; sameSite=${sameSite}`
+  return storedCookie === cookieValue
+}
-  // Add Secure flag for HTTPS
-  if (isHttps) {
-    cookieStr += '; Secure'
-  }
+export function deleteCookieWithThirdPartyFallback(cookieName) {
+  if (!cookieName || typeof cookieName !== 'string') return false
+  const cookieStr = `${cookieName}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; ${getCookieAttributes()}`
   document.cookie = cookieStr
+  clearSyncedCookieFallback(cookieName)
+  if (
+    isRunningInIframe() &&
+    hasKnownParentCookieSyncOrigin() &&
+    window.parent &&
+    typeof window.parent.postMessage === 'function' &&
+    consentBridgeAppType
+  ) {
+    window.parent.postMessage(
+      {
+        type: `eturnity_${consentBridgeAppType}_cookie_delete`,
+        payload: { cookieName }
+      },
+      parentCookieSyncOrigin
+    )
+  }
+  const storedCookie = getCookieValue(cookieName)
+  return storedCookie === null
+}
+export function saveCookieConsent(categories) {
+  const cookieData = {
+    categories,
+    timestamp: new Date().toISOString(),
+    consent_given: true
+  }
+  setCookieWithThirdPartyFallback(
+    'cookieConsent',
+    JSON.stringify(cookieData)
+  )
 }

package/src/utils/eturnity-consent-bridge.js ADDED Viewed

@@ -0,0 +1,541 @@
+;(() => {
+  const API_NAME = 'eturnityConsentBridge'
+  const STATE_KEY = '__eturnityConsentBridgeState__'
+  const CONSENT_COOKIE_MONTHS = 6
+  const SUPPORTED_TYPES = [
+    'solar_calculator',
+    'heating_calculator',
+    'e_mobility_configurator',
+  ]
+  if (typeof window === 'undefined' || typeof document === 'undefined') return
+  const sharedState = globalThis[STATE_KEY] || {
+    instancesByIframeId: new Map(),
+    messageListenerAttached: false,
+    api: null,
+  }
+  globalThis[STATE_KEY] = sharedState
+  if (typeof sharedState.api === 'function') {
+    window[API_NAME] = sharedState.api
+    globalThis[API_NAME] = sharedState.api
+    return
+  }
+  const getTypeConfig = (type) => {
+    return {
+      consentCookieName: `eturnity_${type}_consent`,
+      cookieSyncReadyMessage: `eturnity_${type}_cookie_sync_ready`,
+      cookieFallbackMessage: `eturnity_${type}_cookie_fallback`,
+      cookieDeleteMessage: `eturnity_${type}_cookie_delete`,
+      cookieSyncMessage: `eturnity_${type}_cookie_sync`,
+    }
+  }
+  const normalizeIframeId = (iframeId) => {
+    if (typeof iframeId !== 'string') return ''
+    return iframeId.trim().replace(/^#/, '')
+  }
+  const isPlainObject = (value) => {
+    return Object.prototype.toString.call(value) === '[object Object]'
+  }
+  const readMessageType = (data) => {
+    if (!isPlainObject(data) || typeof data.type !== 'string') return ''
+    return data.type
+  }
+  const log = (instance, message, details) => {
+    if (!instance || !instance.logs) return
+    const prefix = `[eturnityConsentBridge:${instance.iframeId}]`
+    if (typeof details === 'undefined') {
+      console.log(`${prefix} ${message}`)
+      return
+    }
+    console.log(`${prefix} ${message}`, details)
+  }
+  const getHostCookieAttributes = () => {
+    let attributes = 'path=/; SameSite=Lax'
+    if (window.location.protocol === 'https:') {
+      attributes += '; Secure'
+    }
+    return attributes
+  }
+  const setCookie = (name, value, months) => {
+    // Use calendar months so host and iframe expiry stay aligned.
+    try {
+      const expiresAt = new Date()
+      expiresAt.setMonth(expiresAt.getMonth() + months)
+      document.cookie = `${name}=${encodeURIComponent(
+        value
+      )}; expires=${expiresAt.toUTCString()}; ${getHostCookieAttributes()}`
+      return true
+    } catch (error) {
+      console.warn(
+        `[eturnityConsentBridge] Failed to write cookie "${name}".`,
+        error
+      )
+      return false
+    }
+  }
+  const deleteCookie = (name) => {
+    try {
+      document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; ${getHostCookieAttributes()}`
+      return true
+    } catch (error) {
+      console.warn(
+        `[eturnityConsentBridge] Failed to delete cookie "${name}".`,
+        error
+      )
+      return false
+    }
+  }
+  const getCookie = (name) => {
+    try {
+      const prefix = `${name}=`
+      const parts = document.cookie.split(';')
+      for (let i = 0; i < parts.length; i += 1) {
+        const part = parts[i].trim()
+        if (part.indexOf(prefix) === 0) {
+          return decodeURIComponent(part.substring(prefix.length))
+        }
+      }
+      return null
+    } catch (error) {
+      console.warn(`[eturnityConsentBridge] Failed to read cookie "${name}".`, error)
+      return null
+    }
+  }
+  const readStoredSyncedCookies = (consentCookieName) => {
+    // Stored cookie format: { [cookieName]: { cookieValue, updatedAt } }
+    const raw = getCookie(consentCookieName)
+    if (!raw) return {}
+    try {
+      const parsed = JSON.parse(raw)
+      if (!parsed || typeof parsed !== 'object') return {}
+      return parsed
+    } catch (error) {
+      console.warn(
+        `[eturnityConsentBridge] Invalid JSON in "${consentCookieName}" cookie. Ignoring stored value.`
+      )
+      return {}
+    }
+  }
+  const persistSyncedCookie = (instance, cookieName, cookieValue) => {
+    // Keep latest fallback payload in host cookie for page reload replay.
+    const currentData = readStoredSyncedCookies(instance.config.consentCookieName)
+    currentData[cookieName] = {
+      cookieValue,
+      updatedAt: new Date().toISOString(),
+    }
+    let serialized = ''
+    try {
+      serialized = JSON.stringify(currentData)
+    } catch (error) {
+      console.warn(
+        `[eturnityConsentBridge] Failed to serialize cookie cache for iframe "${instance.iframeId}".`,
+        error
+      )
+      return false
+    }
+    if (serialized.length > 3500) {
+      console.warn(
+        `[eturnityConsentBridge] Cookie cache for iframe "${instance.iframeId}" is approaching cookie size limits and may be truncated by browsers.`
+      )
+    }
+    const persisted = setCookie(
+      instance.config.consentCookieName,
+      serialized,
+      CONSENT_COOKIE_MONTHS
+    )
+    if (persisted) {
+      log(instance, `Stored cookie fallback "${cookieName}" in host cookie cache.`)
+    }
+    return persisted
+  }
+  const removeSyncedCookie = (instance, cookieName) => {
+    const currentData = readStoredSyncedCookies(instance.config.consentCookieName)
+    if (!Object.prototype.hasOwnProperty.call(currentData, cookieName)) return true
+    delete currentData[cookieName]
+    if (Object.keys(currentData).length === 0) {
+      const deleted = deleteCookie(instance.config.consentCookieName)
+      if (deleted) {
+        log(instance, `Removed "${cookieName}" from host cookie cache and cleared empty cache cookie.`)
+      }
+      return deleted
+    }
+    let serialized = ''
+    try {
+      serialized = JSON.stringify(currentData)
+    } catch (error) {
+      console.warn(
+        `[eturnityConsentBridge] Failed to serialize cookie cache for iframe "${instance.iframeId}" after deleting "${cookieName}".`,
+        error
+      )
+      return false
+    }
+    const persisted = setCookie(
+      instance.config.consentCookieName,
+      serialized,
+      CONSENT_COOKIE_MONTHS
+    )
+    if (persisted) {
+      log(instance, `Removed cookie fallback "${cookieName}" from host cookie cache.`)
+    }
+    return persisted
+  }
+  const parseCookiePayload = (payload) => {
+    if (!isPlainObject(payload)) return null
+    if (typeof payload.cookieName !== 'string') return null
+    if (typeof payload.cookieValue !== 'string') return null
+    return {
+      cookieName: payload.cookieName,
+      cookieValue: payload.cookieValue,
+    }
+  }
+  const parseCookieDeletePayload = (payload) => {
+    if (!isPlainObject(payload)) return null
+    if (typeof payload.cookieName !== 'string') return null
+    return {
+      cookieName: payload.cookieName,
+    }
+  }
+  const getIframeContext = (iframeId) => {
+    const iframe = document.getElementById(iframeId)
+    if (!iframe || iframe.tagName !== 'IFRAME') return null
+    const src = iframe.getAttribute('src') || ''
+    if (!src) return { iframe, origin: null }
+    try {
+      return {
+        iframe,
+        origin: new URL(src, window.location.origin).origin,
+      }
+    } catch (error) {
+      return { iframe, origin: null }
+    }
+  }
+  const refreshInstanceContext = (instance) => {
+    // Re-resolve iframe/origin because src can change after initialization.
+    const context = getIframeContext(instance.iframeId)
+    if (!context) {
+      instance.iframe = null
+      instance.origin = null
+      return
+    }
+    instance.iframe = context.iframe
+    instance.origin = context.origin
+  }
+  const postCookieToIframe = (instance, cookiePayload) => {
+    refreshInstanceContext(instance)
+    if (!instance.iframe || !instance.iframe.contentWindow || !instance.origin) {
+      console.warn(
+        `[eturnityConsentBridge] Cannot post "${instance.config.cookieSyncMessage}" for iframe "${instance.iframeId}" because iframe window or origin is not ready.`
+      )
+      return
+    }
+    // Post only to the known iframe origin for this instance.
+    instance.iframe.contentWindow.postMessage(
+      {
+        type: instance.config.cookieSyncMessage,
+        payload: cookiePayload,
+      },
+      instance.origin
+    )
+    log(
+      instance,
+      `Posted "${instance.config.cookieSyncMessage}" to iframe origin "${instance.origin}".`,
+      cookiePayload
+    )
+  }
+  const postStoredCookiesToIframe = (instance, source) => {
+    // Replay host-stored values when requested by init or handshake.
+    const replaySource = source === 'sync_ready' ? 'sync_ready' : 'init'
+    const stored = readStoredSyncedCookies(instance.config.consentCookieName)
+    const cookieNames = Object.keys(stored)
+    if (!cookieNames.length) {
+      log(instance, `No stored cookies to replay (${replaySource}).`)
+      return
+    }
+    log(
+      instance,
+      `Replaying ${cookieNames.length} stored cookie(s) to iframe (${replaySource}).`
+    )
+    cookieNames.forEach((cookieName) => {
+      const entry = stored[cookieName]
+      if (!entry || typeof entry.cookieValue !== 'string') return
+      postCookieToIframe(instance, {
+        cookieName,
+        cookieValue: entry.cookieValue,
+      })
+    })
+  }
+  const findMatchingInstance = (eventSource) => {
+    // Route by source window so multiple iframes on a page are isolated.
+    const instances = Array.from(sharedState.instancesByIframeId.values())
+    for (let i = 0; i < instances.length; i += 1) {
+      const instance = instances[i]
+      refreshInstanceContext(instance)
+      if (
+        instance.iframe &&
+        instance.iframe.contentWindow &&
+        instance.iframe.contentWindow === eventSource
+      ) {
+        return instance
+      }
+    }
+    return null
+  }
+  const onMessage = (event) => {
+    if (!event || !isPlainObject(event.data)) return
+    const messageType = readMessageType(event.data)
+    const instance = findMatchingInstance(event.source)
+    if (!instance) {
+      if (messageType.indexOf('eturnity_') === 0) {
+        console.warn(
+          `[eturnityConsentBridge] Received "${messageType}" but could not match event.source to a registered iframe instance.`
+        )
+      }
+      return
+    }
+    if (!instance.origin) {
+      if (messageType.indexOf('eturnity_') === 0) {
+        console.warn(
+          `[eturnityConsentBridge] Ignoring "${messageType}" for iframe "${instance.iframeId}" because iframe origin could not be resolved from src.`
+        )
+      }
+      return
+    }
+    // Reject messages not coming from the expected origin of that iframe.
+    if (event.origin !== instance.origin) {
+      console.warn(
+        `[eturnityConsentBridge] Ignoring "${messageType}" due to origin mismatch for iframe "${instance.iframeId}". Expected "${instance.origin}", got "${event.origin}".`
+      )
+      return
+    }
+    if (!messageType) return
+    // Handshake event: iframe requests replay of previously synced cookies.
+    if (messageType === instance.config.cookieSyncReadyMessage) {
+      log(instance, `Iframe reported "${instance.config.cookieSyncReadyMessage}".`)
+      postStoredCookiesToIframe(instance, 'sync_ready')
+      return
+    }
+    if (messageType === instance.config.cookieFallbackMessage) {
+      log(instance, `Received message "${messageType}" from origin "${event.origin}".`)
+      const payload = parseCookiePayload(event.data.payload)
+      if (!payload) {
+        console.warn(
+          `[eturnityConsentBridge] Invalid payload for "${messageType}" from iframe "${instance.iframeId}".`
+        )
+        return
+      }
+      persistSyncedCookie(instance, payload.cookieName, payload.cookieValue)
+      postCookieToIframe(instance, payload)
+      return
+    }
+    if (messageType === instance.config.cookieDeleteMessage) {
+      log(instance, `Received message "${messageType}" from origin "${event.origin}".`)
+      const payload = parseCookieDeletePayload(event.data.payload)
+      if (!payload) {
+        console.warn(
+          `[eturnityConsentBridge] Invalid payload for "${messageType}" from iframe "${instance.iframeId}".`
+        )
+        return
+      }
+      removeSyncedCookie(instance, payload.cookieName)
+      postCookieToIframe(instance, {
+        cookieName: payload.cookieName,
+        isDeleted: true,
+      })
+      return
+    }
+    if (messageType.indexOf('eturnity_') === 0) {
+      console.warn(
+        `[eturnityConsentBridge] Ignoring unsupported message "${messageType}" for iframe "${instance.iframeId}".`
+      )
+    }
+  }
+  const ensureMessageListener = () => {
+    // One shared listener handles all registered iframe instances.
+    if (sharedState.messageListenerAttached) return
+    window.addEventListener('message', onMessage)
+    sharedState.messageListenerAttached = true
+  }
+  const cleanupMessageListenerIfIdle = () => {
+    if (
+      !sharedState.messageListenerAttached ||
+      sharedState.instancesByIframeId.size > 0
+    ) {
+      return
+    }
+    window.removeEventListener('message', onMessage)
+    sharedState.messageListenerAttached = false
+  }
+  const destroyInstance = (iframeId) => {
+    const normalizedIframeId = normalizeIframeId(iframeId)
+    if (!normalizedIframeId) return false
+    const removed = sharedState.instancesByIframeId.delete(normalizedIframeId)
+    cleanupMessageListenerIfIdle()
+    return removed
+  }
+  const normalizeOptions = (options) => {
+    if (!isPlainObject(options)) {
+      return {
+        valid: false,
+        reason:
+          '[eturnityConsentBridge] Missing or invalid options object. Use eturnityConsentBridge("iframe-id", { type: "solar_calculator | heating_calculator | e_mobility_configurator", logs: false }).',
+      }
+    }
+    if (typeof options.logs !== 'undefined' && typeof options.logs !== 'boolean') {
+      return {
+        valid: false,
+        reason:
+          '[eturnityConsentBridge] Invalid options.logs value. Expected boolean when provided.',
+      }
+    }
+    if (typeof options.type !== 'string' || !SUPPORTED_TYPES.includes(options.type)) {
+      return {
+        valid: false,
+        reason: `[eturnityConsentBridge] Invalid options.type. Supported values: ${SUPPORTED_TYPES.join(
+          ', '
+        )}.`,
+      }
+    }
+    return {
+      valid: true,
+      value: {
+        type: options.type,
+        logs: options.logs === true,
+      },
+    }
+  }
+  const initInstance = (iframeId, options) => {
+    const existing = sharedState.instancesByIframeId.get(iframeId)
+    if (existing) {
+      const typeChanged = existing.type !== options.type
+      existing.logs = options.logs
+      if (typeChanged) {
+        existing.type = options.type
+        existing.config = getTypeConfig(options.type)
+      }
+      refreshInstanceContext(existing)
+      log(existing, typeChanged ? `Bridge updated to type "${options.type}".` : 'Bridge re-initialized with existing configuration.')
+      postStoredCookiesToIframe(existing, 'init')
+      return existing
+    }
+    const type = options.type
+    const config = getTypeConfig(type)
+    const context = getIframeContext(iframeId)
+    const instance = {
+      iframeId,
+      iframe: context ? context.iframe : null,
+      origin: context ? context.origin : null,
+      type,
+      config,
+      logs: options.logs,
+      destroy: () => destroyInstance(iframeId),
+    }
+    if (!context) {
+      console.warn(
+        `[eturnityConsentBridge] Iframe with id "${iframeId}" was not found during initialization. The bridge will start working once the iframe is available.`
+      )
+    } else if (!context.origin) {
+      console.warn(
+        `[eturnityConsentBridge] Could not resolve iframe origin for "${iframeId}". Please make sure iframe src is set to a valid URL.`
+      )
+    }
+    sharedState.instancesByIframeId.set(iframeId, instance)
+    ensureMessageListener()
+    log(instance, `Bridge initialized with type "${type}".`)
+    postStoredCookiesToIframe(instance, 'init')
+    return instance
+  }
+  const eturnityConsentBridge = (iframeId, options) => {
+    const normalizedIframeId = normalizeIframeId(iframeId)
+    if (!normalizedIframeId) {
+      console.warn(
+        '[eturnityConsentBridge] Missing iframe id. Use eturnityConsentBridge("iframe-id", { type: "solar_calculator | heating_calculator | e_mobility_configurator" }).'
+      )
+      return null
+    }
+    const normalizedOptions = normalizeOptions(options)
+    if (!normalizedOptions.valid) {
+      console.warn(normalizedOptions.reason)
+      return null
+    }
+    return initInstance(normalizedIframeId, normalizedOptions.value)
+  }
+  eturnityConsentBridge.destroy = (iframeId) => {
+    const normalizedIframeId = normalizeIframeId(iframeId)
+    if (!normalizedIframeId) {
+      console.warn(
+        '[eturnityConsentBridge] Missing iframe id for destroy(). Use eturnityConsentBridge.destroy("iframe-id").'
+      )
+      return false
+    }
+    return destroyInstance(normalizedIframeId)
+  }
+  eturnityConsentBridge.destroyAll = () => {
+    sharedState.instancesByIframeId.clear()
+    cleanupMessageListenerIfIdle()
+  }
+  // Expose API as both window.eturnityConsentBridge(...) and eturnityConsentBridge(...).
+  sharedState.api = eturnityConsentBridge
+  window[API_NAME] = eturnityConsentBridge
+  globalThis[API_NAME] = eturnityConsentBridge
+})()