Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UserID: check for all consent (not just GDPR) to check if an ID needs refreshing #10286

Merged
merged 2 commits into from
Aug 17, 2023
Merged

UserID: check for all consent (not just GDPR) to check if an ID needs refreshing #10286

merged 2 commits into from
Aug 17, 2023

Conversation

dgirardi
Copy link
Collaborator

Type of change

  • Bugfix

Description of change

Fixes #10276

Also, consent hash is now stored with each ID module - meaning that userId will no longer use storage, at all, even if strictStorageEnforcement is not set (meaning also, however, that we need a few more bytes of storage for each ID module).

@ChrisHuie ChrisHuie requested a review from musikele August 3, 2023 15:15
@patmmccann patmmccann requested a review from smenzer August 9, 2023 15:52
@patmmccann patmmccann removed the request for review from musikele August 9, 2023 16:10
@patmmccann patmmccann requested a review from Rothalack August 9, 2023 16:11
@smenzer
Copy link
Collaborator

smenzer commented Aug 9, 2023

what's the reasoning behind moving the consent hash to each submodule? will they need to do something with it now?

@dgirardi
Copy link
Collaborator Author

dgirardi commented Aug 9, 2023

the reason is to avoid using "core" storage ( = Prebid acting as the first party, and not requiring consent to use device storage). it's not clear if it's OK for us to use storage in this way; some pubs (or maybe some automated tools) expect to see nothing stored at all when consent is declined. With #8661 we introduced a new strictStorageEnforcement option to address that problem, but after discussing with @patmmccann we thought it'd be better if we blame a 3rd party to avoid the grey area and the need for extra config.

@patmmccann
Copy link
Collaborator

Does this also solve #6433

@smenzer
Copy link
Collaborator

smenzer commented Aug 14, 2023

@dgirardi can you confirm if my understanding of the basic logic is correct? instead of storing the consent hash for gdpr once, we now look at any/all consent data we have, hash them, and store them in the submodule's cookie/local storage space -- but only when "storing the id value". we still only pass in gdpr consent data to the id submodules. there are no changes required for the submodules, because the user id module still checks the submodule's consent hash to determine if a refresh is needed (based on any consent system, not just gdpr). the two main changes here are: 1) all types of consent, not just gdpr, are hashed and checked for changes before a refresh and 2) the hash is stored in each submodule's cookie/local storage space (resulting in the same hash stored several times, one per id submodule).

did i miss anything or get anything wrong?

@dgirardi
Copy link
Collaborator Author

@smenzer your summary is accurate. There's no change to the submodule API, and this does not attempt to address #6433

smenzer
smenzer approved these changes Aug 14, 2023
View reviewed changes
Copy link
Collaborator

@smenzer smenzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Rothalack
Rothalack approved these changes Aug 15, 2023
View reviewed changes
Copy link
Collaborator

@Rothalack Rothalack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@patmmccann patmmccann merged commit 06ae917 into prebid:master Aug 17, 2023
jxdeveloper1 added a commit to jxdeveloper1/Prebid.js that referenced this pull request Aug 18, 2023
@jxdeveloper1
Merge branch 'master' into rw-jixie-pass-gpid-etc
5ef588b 
* master: (107 commits)
  Increment version to 8.11.0-pre
  Prebid 8.10.0 release
  add privacyIcon to not native asset list (prebid#10259)
  gppControl_usstates: activity controls for US state consent (prebid#10283)
  UserID: check for all consent (not just GDPR) to check if an ID needs refreshing (prebid#10286)
  fluct Bid Adapter: add user.data to bid requests (prebid#10318)
  Prebid Server adapter: improve cookie_sync tests, check GPP fields are populated (prebid#10362)
  fix: consolidate banner format array (prebid#10365)
  consentManagementGpp: support GPP 1.1 (prebid#10282)
  Relay Bid Adapter : Initial Release (prebid#10197)
  Yieldmo Bid Adapter : adding 4.x VAST protocol support (prebid#10363)
  Cadent Aperture MX Bid Adapter: support GPP and GPP Section Ids (prebid#10342)
  identityLinkSubmodule: add additional check on retrieving the envelope (prebid#10355)
  fluct Bid Adapter: add gpid to bid requests (prebid#10361)
  Increment version to 8.10.0-pre
  Prebid 8.9.0 release
  fledgeForGpt: consolidate publisher configuration (prebid#10360)
  ConcertBidAdapter: Add `browserLanguage` to request `meta` object (prebid#10356)
  GrowthCode Analytics: Updates/BugFixes (prebid#10339)
  Activity Controls GPP: invalidate covered = 0 in mspa (prebid#10354)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rothalack Rothalack Rothalack approved these changes

@smenzer smenzer smenzer approved these changes

Assignees

@smenzer smenzer

@Rothalack Rothalack

Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

User ID may use stale USP/GPP consent
6 participants
@dgirardi @smenzer @patmmccann @Rothalack @musikele @ChrisHuie