Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Quantcast: Block bids without purpose 1 consent #5046

Merged
merged 8 commits into from
Apr 14, 2020
Prev Previous commit
Next Next commit
Make TCF v1 consent check strict.
  • Loading branch information
dpapworth-qc committed Mar 30, 2020
commit 002b54f63e62aebbdf687551ebbdf44f88cc052b
22 changes: 8 additions & 14 deletions modules/quantcastBidAdapter.js
Original file line number Diff line number Diff line change
@@ -77,21 +77,10 @@ function getDomain(url) {
}

function checkTCFv1(vendorData) {
// Defer consent check to server if no consent fields in vendor data
let purposeConsent = true;
let vendorConsent = true;
let vendorConsent = vendorData.vendorConsents && vendorData.vendorConsents[QUANTCAST_VENDOR_ID];
let purposeConsent = vendorData.purposeConsents && vendorData.purposeConsents[PURPOSE_DATA_COLLECT];

if (typeof vendorData.purposeConsents !== 'undefined' &&
typeof vendorData.purposeConsents[PURPOSE_DATA_COLLECT] !== 'undefined') {
vendorConsent = !!(vendorData.purposeConsents[PURPOSE_DATA_COLLECT]);
}

if (typeof vendorData.vendorConsents !== 'undefined' &&
typeof vendorData.vendorConsents[QUANTCAST_VENDOR_ID] !== 'undefined') {
purposeConsent = !!(vendorData.vendorConsents[QUANTCAST_VENDOR_ID])
}

return vendorConsent && purposeConsent;
return !!(vendorConsent && purposeConsent);
}

function checkTCFv2(tcData) {
@@ -105,6 +94,11 @@ function checkTCFv2(tcData) {
? restrictions[PURPOSE_DATA_COLLECT][QUANTCAST_VENDOR_ID]
: null;

if (qcRestriction === 0) {
// Not allowed by publisher
return false;
}

let vendorConsent = tcData.vendor && tcData.vendor.consents && tcData.vendor.consents[QUANTCAST_VENDOR_ID];
let purposeConsent = tcData.purpose && tcData.purpose.consents && tcData.purpose.consents[PURPOSE_DATA_COLLECT];
if (vendorConsent && purposeConsent && qcRestriction !== 2) {
52 changes: 25 additions & 27 deletions test/spec/modules/quantcastBidAdapter_spec.js
Original file line number Diff line number Diff line change
@@ -362,33 +362,17 @@ describe('Quantcast adapter', function () {
expect(parsed.gdprConsent).to.equal('consentString');
});

it('blocks request without TCF v1 vendor consent', function () {
const bidderRequest = {
gdprConsent: {
gdprApplies: true,
consentString: 'consentString',
vendorData: {
vendorConsents: {
'11': false
}
},
apiVersion: 1
}
};

const requests = qcSpec.buildRequests([bidRequest], bidderRequest);

expect(requests).to.equal(undefined);
});

it('allows request with TCF v1 vendor consent', function () {
it('allows request with TCF v1 consent', function () {
const bidderRequest = {
gdprConsent: {
gdprApplies: true,
consentString: 'consentString',
vendorData: {
vendorConsents: {
'11': true
},
purposeConsents: {
'1': true
}
},
apiVersion: 1
@@ -402,14 +386,17 @@ describe('Quantcast adapter', function () {
expect(parsed.gdprConsent).to.equal('consentString');
});

it('blocks request without TCF v1 purpose consent', function () {
it('blocks request without TCF v1 vendor consent', function () {
const bidderRequest = {
gdprConsent: {
gdprApplies: true,
consentString: 'consentString',
vendorData: {
vendorConsents: {
'11': false
},
purposeConsents: {
'1': false
'1': true
}
},
apiVersion: 1
@@ -421,25 +408,26 @@ describe('Quantcast adapter', function () {
expect(requests).to.equal(undefined);
});

it('allows request with TCF v1 purpose consent', function () {
it('blocks request without TCF v1 purpose consent', function () {
const bidderRequest = {
gdprConsent: {
gdprApplies: true,
consentString: 'consentString',
vendorData: {
vendorConsents: {
'11': true
},
purposeConsents: {
'1': true
'1': false
}
},
apiVersion: 1
}
};

const requests = qcSpec.buildRequests([bidRequest], bidderRequest);
const parsed = JSON.parse(requests[0].data);

expect(parsed.gdprSignal).to.equal(1);
expect(parsed.gdprConsent).to.equal('consentString');
expect(requests).to.equal(undefined);
});

it('allows TCF v2 request from Germany', function () {
@@ -496,6 +484,16 @@ describe('Quantcast adapter', function () {
gdprApplies: true,
consentString: 'consentString',
vendorData: {
vendor: {
consents: {
'11': true
}
},
purpose: {
consents: {
'1': true
}
},
publisher: {
restrictions: {
'1': {