Initialize TCF earlier and set gdpr to apply always #4453
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Ignored Deployment
|
Passing run #5355 ↗︎
Details:
Review all test suite changes for PR #4453 ↗︎ |
||||||||||||||||||||
clients/fides-js/src/lib/tcf/stub.ts
Outdated
| * Fides modification (PROD#1433): gdprApplies defaults to true | ||
| * since we only return TCF when gdpr does apply! | ||
| */ | ||
| let gdprApplies: boolean = true; |
There was a problem hiding this comment.
One ask: for our future benefit, let's do this as an override option fides_tcf_gdpr_applies and default it to true there. This gives us an out if we need one 👍
clients/fides-js/src/fides-tcf.ts
Outdated
| @@ -241,6 +242,7 @@ const updateFidesCookieFromString = ( | |||
| * Initialize the global Fides object with the given configuration values | |||
| */ | |||
| const init = async (config: FidesConfig) => { | |||
| makeStub(); | |||
| // Initialize api with TC str, we don't yet show UI, so we use false | ||
| // see https://github.com/InteractiveAdvertisingBureau/iabtcf-es/tree/master/modules/cmpapi#dont-show-ui--tc-string-does-not-need-an-update | ||
| window.addEventListener("FidesInitialized", (event) => { | ||
| const tcString = fidesEventToTcString(event); | ||
| cmpApi.update(tcString ?? null, false); |
There was a problem hiding this comment.
fidesEventToTcString now does the work of defaulting to a value. since if there's a tc string at all (including an empty string) the library sets gdprApplies = true. so fidesEventToTcString additionally checks if gdpr applies first. this might not actually be what we want though since it can effectively turn off setting a tc string at all. perhaps the override should just be for the initial default value? I did this at first, but I couldn't actually test it since the period where there's a default value until this line was too short for cypress to catch
There was a problem hiding this comment.
maybe only FidesInitialized should do the check for fides_tcf_gdpr_applies and the other events should stick to what they were?
There was a problem hiding this comment.
Hmmm... a philosophical question eh?
I would recommend we check for that option override in one place, so I think it's OK to centralize into the helper function that extracts the string.
It's a bit weird that the CmpApi class sets GDPR applies based on a string though. Looking at their docs a bit to form a stronger POV
There was a problem hiding this comment.
OK, their docs are super explicit: https://github.com/InteractiveAdvertisingBureau/iabtcf-es/blob/master/modules/cmpapi/README.md#trigger-change-event
update() may be called either an encoded TC string an empty string ('') or null.
- Encoded TC string, CmpApi will decode the string and respond to TCData with the decoded values.
- gdprApplies will be set to true
- Empty string (''), CmpApi will respond to TCData with the correct structure but all primitive values will be empty.
- gdprApplies will be set to true
- null, CmpApi will respond to TCData with the correct structure but all primitive values will be empty.
- gdprApplies will be set to false
In that case I think we can document this more clearly but I agree with your implementation 👍
| @@ -102,6 +102,7 @@ | |||
| "isGeolocationEnabled": false, | |||
| "geolocationApiUrl": "", | |||
| "privacyCenterUrl": "http://localhost:3000", | |||
| "fidesApiUrl": "http://localhost:8080/api/v1" | |||
| "fidesApiUrl": "http://localhost:8080/api/v1", | |||
| "fidesTcfGdprApplies": true | |||
There was a problem hiding this comment.
since this is an option that defaults to true, and because our test harness doesn't go through fides-js the API (which defaults this value to true), we set the default to true here.
| // Initialize api with TC str, we don't yet show UI, so we use false | ||
| // see https://github.com/InteractiveAdvertisingBureau/iabtcf-es/tree/master/modules/cmpapi#dont-show-ui--tc-string-does-not-need-an-update | ||
| window.addEventListener("FidesInitialized", (event) => { | ||
| const tcString = fidesEventToTcString(event); | ||
| cmpApi.update(tcString ?? null, false); |
There was a problem hiding this comment.
Hmmm... a philosophical question eh?
I would recommend we check for that option override in one place, so I think it's OK to centralize into the helper function that extracts the string.
It's a bit weird that the CmpApi class sets GDPR applies based on a string though. Looking at their docs a bit to form a stronger POV
| // Initialize api with TC str, we don't yet show UI, so we use false | ||
| // see https://github.com/InteractiveAdvertisingBureau/iabtcf-es/tree/master/modules/cmpapi#dont-show-ui--tc-string-does-not-need-an-update | ||
| window.addEventListener("FidesInitialized", (event) => { | ||
| const tcString = fidesEventToTcString(event); | ||
| cmpApi.update(tcString ?? null, false); |
There was a problem hiding this comment.
OK, their docs are super explicit: https://github.com/InteractiveAdvertisingBureau/iabtcf-es/blob/master/modules/cmpapi/README.md#trigger-change-event
update() may be called either an encoded TC string an empty string ('') or null.
- Encoded TC string, CmpApi will decode the string and respond to TCData with the decoded values.
- gdprApplies will be set to true
- Empty string (''), CmpApi will respond to TCData with the correct structure but all primitive values will be empty.
- gdprApplies will be set to true
- null, CmpApi will respond to TCData with the correct structure but all primitive values will be empty.
- gdprApplies will be set to false
In that case I think we can document this more clearly but I agree with your implementation 👍
| }: { | ||
| gdprAppliesDefault?: boolean; | ||
| }) => { | ||
| console.log({ gdprAppliesDefault }); |
Closes https://ethyca.atlassian.net/browse/PROD-1433
Description Of Changes
Write some things here about the changes and any potential caveats
Code Changes
Steps to Confirm
Pre-Merge Checklist
CHANGELOG.md