Add enforcement for deviceAccess #4913
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ebid.js into master-rubicon-clean
# Conflicts: # modules/advangelistsBidAdapter.js # test/spec/modules/advangelistsBidAdapter_spec.js
…ter-remote-updated
idettman
force-pushed
the
add-enforcement-device-access
branch
2 times, most recently
from
dbf8a53 to
c3c5b09
Compare
jsnellbaker
reviewed
Mar 3, 2020
|
Hi @idettman It might be useful to add a bit more protection for pubCommonIdSystem. With deviceAccess == false, it still keeps generating new uuid as userId.pubcid even though they are not persisted. In pubCommonIdSystem.js line 67, add a check to prevent id creation. const newId = (create && utils.hasDeviceAccess()) ? utils.generateUUID() : undefined; |
harpere
reviewed
Mar 7, 2020
| @@ -83,8 +83,7 @@ function writeDigiId(id) { | |||
| var key = 'DigiTrust.v1.identity'; | |||
| var date = new Date(); | |||
| date.setTime(date.getTime() + 604800000); | |||
| var exp = 'expires=' + date.toUTCString(); | |||
| document.cookie = key + '=' + encId(id) + '; ' + exp + '; path=/;SameSite=none;'; | |||
| utils.setCookie(key, encId(id), date.toUTCString(), 'none'); | |||
There was a problem hiding this comment.
this may require more refactoring because encId(), calls encodeURIComponent() and so does setCookie(). encoding twice could be a problem if it's not decoded twice on the other end. So maybe we refactor encId() or maybe add an option to setCookie() to NOT encode.
There was a problem hiding this comment.
Let me look into this. The id is typically passed through and decoded via a server-side process. I'll see if there is a reasonable place to account for possible double encoding in that pipeline.
There was a problem hiding this comment.
@goosemanjack - would like to get this ticket merged. Should we remove the call to encId()?
There was a problem hiding this comment.
I made a change here. Removed the call to encodeURI from encId. @goosemanjack - please review when you get a chance, but we need to merge this PR.
rade-popovic
approved these changes
Mar 9, 2020
osazos
requested changes
Mar 9, 2020
modules/adagioBidAdapter.js
Outdated
| @@ -23,7 +23,7 @@ pV6EP3MTLosuUEpLaQIDAQAB | |||
| export function getAdagioScript() { | |||
| try { | |||
| const w = utils.getWindowTop(); | |||
| const ls = w.localStorage.getItem(ADAGIO_LOCALSTORAGE_KEY); | |||
| const ls = (utils.hasLocalStorage()) ? w.localStorage.getItem(ADAGIO_LOCALSTORAGE_KEY) : null; | |||
There was a problem hiding this comment.
Hi,
As utils.getDataFromLocalStorage() checks if localStorage is available and returns null if nothing is found, we can just use:
const ls = utils.getDataFromLocalStorage(ADAGIO_LOCALSTORAGE_KEY);
Also, we call localStorage twice later in our bidder : lines 37 and 51. For this lines, we should use:
utils.removeDataFromLocalStorage(ADAGIO_LOCALSTORAGE_KEY);
Thanks!
There was a problem hiding this comment.
@osazos - you can go ahead and make the change you've suggested.
ghost
approved these changes
Mar 11, 2020
Gaudeamus
approved these changes
Mar 12, 2020
| @@ -342,15 +342,15 @@ function getLanguage() { | |||
|
|
|||
| function getLocalStorageSafely(key) { | |||
| try { | |||
There was a problem hiding this comment.
Hello @bretg!
I'm ok with the changes
However if utils.getDataFromLocalStorage(key) makes all safety checks, try/catch here could be avoided. Same in setLocalStorageSafely
bretg
approved these changes
Mar 13, 2020
merging changes from prebid#4978
We need to get moving on this merge, so I made an update -- the encId() function appears to be necessary to stringify and btoa() the ID. Just removed the layer of URL encoding in that function as duplicate of what happens in the PBJS setCookie fn.
jsnellbaker
approved these changes
Mar 17, 2020
|
Thanks for the reviews. Merging to get into today's release. |
bretg
removed
needs 2nd review
bmwcmw
pushed a commit
to criteo-forks/Prebid.js
that referenced
this pull request
Mar 31, 2020
* Add microadBidAdapter * Remove unnecessary encodeURIComponent from microadBidAdapter * Submit Advangelists Prebid Adapter * Submit Advangelists Prebid Adapter 1.1 * Correct procudtion endpoint for prebid * analytics update with wrapper name * reverted error merge * update changed default value of netRevenue to true * Re-add rubicon analytics without deprecated getTopWindowUrl util * Cache referrer on auction_init instead of bid_requested * add config for deviceAccess enforcement in utils getCookie setCookie and hasLocalStorage * add tests, and updates to names/comments * add deviceAccess enforcement to util method cookiesAreEnabled * update to adspendBidAdapter for device access enforcement * update to pubCommonId for device access enforcement * update widespaceBidAdapter for device access enforcement. updated utils storage methods with jsdoc typing, hasLocalStorage changed to only return boolean type * update to digiTrustIdSystem for device access enforcement * updated utils.setCookie signature, adding a 'domain' argument. update to invibesBidAdapter for device access enforcement * updated utils to group similar storage methods * updated kargoBidAdapter for add-enforcement-device-access * update to minimize changes in adapters using browser storage * updated modules with localStorage or cookie methods to use utils * updated invibesBidAdapter use of storage methods to use utils * fix for wrong obj reference for date string * revert accidental change to package.json * fix linting error, trailing comma. removed unnecessary cookie get set functions and replaced with util methods * reverted change to removed extra methods since it breaks unit test * fix for pubcommonidsystem id generation * update jsdoc param 'domain' * Update adagioBidAdapter.js merging changes from prebid#4978 * Removing encoding in DT encId We need to get moving on this merge, so I made an update -- the encId() function appears to be necessary to stringify and btoa() the ID. Just removed the layer of URL encoding in that function as duplicate of what happens in the PBJS setCookie fn. Co-authored-by: nakamoto <nakamoto_tatsuya@microad.co.jp> Co-authored-by: Chandra Prakash <chandra.prakash@advangelists.com> Co-authored-by: Eric Harper <eharper@rubiconproject.com> Co-authored-by: TJ Eastmond <teastmond@la-wlandaverde-mac.local> Co-authored-by: Mark Monday <mmonday@rubiconproject.com> Co-authored-by: msm0504 <51493331+msm0504@users.noreply.github.com> Co-authored-by: bretg <bgorsline@gmail.com>
rjvelicaria
pushed a commit
to openx/Prebid.js
that referenced
this pull request
Apr 9, 2020
* Add microadBidAdapter * Remove unnecessary encodeURIComponent from microadBidAdapter * Submit Advangelists Prebid Adapter * Submit Advangelists Prebid Adapter 1.1 * Correct procudtion endpoint for prebid * analytics update with wrapper name * reverted error merge * update changed default value of netRevenue to true * Re-add rubicon analytics without deprecated getTopWindowUrl util * Cache referrer on auction_init instead of bid_requested * add config for deviceAccess enforcement in utils getCookie setCookie and hasLocalStorage * add tests, and updates to names/comments * add deviceAccess enforcement to util method cookiesAreEnabled * update to adspendBidAdapter for device access enforcement * update to pubCommonId for device access enforcement * update widespaceBidAdapter for device access enforcement. updated utils storage methods with jsdoc typing, hasLocalStorage changed to only return boolean type * update to digiTrustIdSystem for device access enforcement * updated utils.setCookie signature, adding a 'domain' argument. update to invibesBidAdapter for device access enforcement * updated utils to group similar storage methods * updated kargoBidAdapter for add-enforcement-device-access * update to minimize changes in adapters using browser storage * updated modules with localStorage or cookie methods to use utils * updated invibesBidAdapter use of storage methods to use utils * fix for wrong obj reference for date string * revert accidental change to package.json * fix linting error, trailing comma. removed unnecessary cookie get set functions and replaced with util methods * reverted change to removed extra methods since it breaks unit test * fix for pubcommonidsystem id generation * update jsdoc param 'domain' * Update adagioBidAdapter.js merging changes from prebid#4978 * Removing encoding in DT encId We need to get moving on this merge, so I made an update -- the encId() function appears to be necessary to stringify and btoa() the ID. Just removed the layer of URL encoding in that function as duplicate of what happens in the PBJS setCookie fn. Co-authored-by: nakamoto <nakamoto_tatsuya@microad.co.jp> Co-authored-by: Chandra Prakash <chandra.prakash@advangelists.com> Co-authored-by: Eric Harper <eharper@rubiconproject.com> Co-authored-by: TJ Eastmond <teastmond@la-wlandaverde-mac.local> Co-authored-by: Mark Monday <mmonday@rubiconproject.com> Co-authored-by: msm0504 <51493331+msm0504@users.noreply.github.com> Co-authored-by: bretg <bgorsline@gmail.com>
iggyfisk
pushed a commit
to happypancake/Prebid.js
that referenced
this pull request
Jun 22, 2020
* Add microadBidAdapter * Remove unnecessary encodeURIComponent from microadBidAdapter * Submit Advangelists Prebid Adapter * Submit Advangelists Prebid Adapter 1.1 * Correct procudtion endpoint for prebid * analytics update with wrapper name * reverted error merge * update changed default value of netRevenue to true * Re-add rubicon analytics without deprecated getTopWindowUrl util * Cache referrer on auction_init instead of bid_requested * add config for deviceAccess enforcement in utils getCookie setCookie and hasLocalStorage * add tests, and updates to names/comments * add deviceAccess enforcement to util method cookiesAreEnabled * update to adspendBidAdapter for device access enforcement * update to pubCommonId for device access enforcement * update widespaceBidAdapter for device access enforcement. updated utils storage methods with jsdoc typing, hasLocalStorage changed to only return boolean type * update to digiTrustIdSystem for device access enforcement * updated utils.setCookie signature, adding a 'domain' argument. update to invibesBidAdapter for device access enforcement * updated utils to group similar storage methods * updated kargoBidAdapter for add-enforcement-device-access * update to minimize changes in adapters using browser storage * updated modules with localStorage or cookie methods to use utils * updated invibesBidAdapter use of storage methods to use utils * fix for wrong obj reference for date string * revert accidental change to package.json * fix linting error, trailing comma. removed unnecessary cookie get set functions and replaced with util methods * reverted change to removed extra methods since it breaks unit test * fix for pubcommonidsystem id generation * update jsdoc param 'domain' * Update adagioBidAdapter.js merging changes from prebid#4978 * Removing encoding in DT encId We need to get moving on this merge, so I made an update -- the encId() function appears to be necessary to stringify and btoa() the ID. Just removed the layer of URL encoding in that function as duplicate of what happens in the PBJS setCookie fn. Co-authored-by: nakamoto <nakamoto_tatsuya@microad.co.jp> Co-authored-by: Chandra Prakash <chandra.prakash@advangelists.com> Co-authored-by: Eric Harper <eharper@rubiconproject.com> Co-authored-by: TJ Eastmond <teastmond@la-wlandaverde-mac.local> Co-authored-by: Mark Monday <mmonday@rubiconproject.com> Co-authored-by: msm0504 <51493331+msm0504@users.noreply.github.com> Co-authored-by: bretg <bgorsline@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Description of change
Addresses: Issue #4747
We discussed in a Prebid.js meeting and came up with a radically simpler (and quicker) approach, relying on the publisher to determine when to turn off device access and then configure:
setCookie,getCookie,hasLocalStorage(new config option)The proposed new config option is:
pbjs.setConfig({ deviceAccess: false });Acceptance Criteria