Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XCH-801 GDPR Compliance #8

Merged
merged 4 commits into from
Aug 16, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 33 additions & 7 deletions modules/33acrossBidAdapter.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,9 @@ function _createBidResponse(response) {
}
}

// infer the necessary data from valid bid for a minimal ttxRequest and create HTTP request
function _createServerRequest(bidRequest) {
// Infer the necessary data from valid bid for a minimal ttxRequest and create HTTP request
// NOTE: At this point, TTX only accepts request for a single impression
function _createServerRequest(bidRequest, gdprConsent) {
const ttxRequest = {};
const params = bidRequest.params;

Expand All @@ -48,11 +49,24 @@ function _createServerRequest(bidRequest) {
// therefore in ad targetting process
ttxRequest.id = bidRequest.bidId;

// Set GDPR related fields
ttxRequest.user = {
ext: {
consent: gdprConsent.consentString

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible for gdprConsent to be undefined ? If so, then this line will probably throw an exception.

Copy link
Collaborator Author

@curlyblueeagle curlyblueeagle Aug 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, when the request playload is stringyfied, an consentString: undefined is translated to

user: {
  ext: {}
}

}
}
ttxRequest.regs = {
ext: {
gdpr: (gdprConsent.gdprApplies === true) ? 1 : 0
}
}

// Finally, set the openRTB 'test' param if this is to be a test bid
if (params.test === 1) {
ttxRequest.test = 1;
}


/*
* Now construct the full server request
*/
Expand Down Expand Up @@ -104,11 +118,18 @@ function isBidRequestValid(bid) {
return true;
}

// NOTE: At this point, TTX only accepts request for a single impression
function buildRequests(bidRequests) {
// NOTE: With regards to gdrp consent data,
// - the server independently infers gdpr applicability therefore, setting the default value to false
// - the server, at this point, also doesn't need the consent string to handle gdpr compliance. So passing
// value whether set or not, for the sake of future dev.
function buildRequests(bidRequests, bidderRequest) {
const gdprConsent = Object.assign({ consentString: undefined, gdprApplies: false }, bidderRequest && bidderRequest.gdprConsent)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah -- I guess this answers my earlier question about "can gdprConsent be undefined". So: the value will always be defined.


adapterState.uniqueSiteIds = bidRequests.map(req => req.params.siteId).filter(uniques);

return bidRequests.map(_createServerRequest);
return bidRequests.map((req) => {
return _createServerRequest(req, gdprConsent);
});
}

// NOTE: At this point, the response from 33exchange will only ever contain one bid i.e. the highest bid
Expand All @@ -124,8 +145,13 @@ function interpretResponse(serverResponse, bidRequest) {
}

// Register one sync per unique guid
function getUserSyncs(syncOptions) {
return (syncOptions.iframeEnabled) ? adapterState.uniqueSiteIds.map(_createSync) : ([]);
// NOTE: If gdpr applies do not sync
function getUserSyncs(syncOptions, responses, gdprConsent) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm... looks like the 33Across code is not calling this method. I assume it's being invoked via the top-level (Prebid) infrastructure, then?

(If so: hmm... I have a feeling that the method signature is going to change at some point in the future. There are quite a few args here, and it looks like things could be generalized)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea it's the part of the adapter API exposed to Prebid core. And that appears to be their signature http://prebid.org/dev-docs/modules/consentManagement.html#usersync-integration

if (gdprConsent && gdprConsent.gdprApplies === true) {
return []
} else {
return (syncOptions.iframeEnabled) ? adapterState.uniqueSiteIds.map(_createSync) : ([]);
}
}

const spec = {
Expand Down
Loading