Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong signature of __tcfapi in iframe #5976

Closed
ReinoutStevens opened this issue Nov 13, 2020 · 1 comment
Closed

Wrong signature of __tcfapi in iframe #5976

ReinoutStevens opened this issue Nov 13, 2020 · 1 comment

Comments

@ReinoutStevens
Copy link
Contributor

ReinoutStevens commented Nov 13, 2020
edited
Loading

Type of issue

In the context of an iframe, the consentmanagement module installs a tcf function that is non-standard, and in our case, breaks google's calls to tcf, hereby preventing ads from being rendered.

Description

The consentmanagement module detects whether the CMP is present in the current window, or whether it is made available through the tcfapiLocation frame. In the latter case, Prebid installs a __tcfapi function on window, which uses the postMessage api to forward the requests to the actual CMP.

The problem is that the install __tcfapi is a non-standard compliant function. The installed function has the following signature: function (cmd, arg, callback). The __tcfapi function should be (cmd, version, callback, arg ). You can find a working example here.

As a result: google does not render banner ads in an iframe context because their __tcfapi call fails.

Steps to reproduce

  • Load prebid in an iframe
  • Do an auction so that the __tcfapi gets installed on window
  • Notice that __tcfapi('addEventListener', 2, (data) => console.log(data)) fails in that iframe ( at least with our CMP provider, your mileage may vary with other providers )

Other information

The following code works, but assumes that we're using V2 of the __tcfapi. I don't really know the difference with V1.

window[apiName] = function(cmd, version, callback, arg) {
      let callId = Math.random() + '';
      let callName = `${apiName}Call`;
      let msg = {
        [callName]: {
          command: cmd,
          parameter: arg,
          callId: callId,
          version: version,
        },
      };

      cmpCallbacks[callId] = callback;
      cmpFrame.postMessage(msg, '*');
    };

    /** when we get the return message, call the stashed callback */
    window.addEventListener('message', readPostMessageResponse, false);

    // call CMP
    window[apiName](commandName, 2, moduleCallback, undefined);

The offending code is found here: https://github.com/prebid/Prebid.js/blob/master/modules/consentManagement.js#L204
@polo2ro
Copy link
Contributor

polo2ro commented Nov 27, 2020

Hello,
i started working on this before seeing the issue.
master...polo2ro:fix-iframe-tcfapi-arguments

The main problem is that the tcf2 api add an additional argument for version but prebid code has not been updated for this change.

I will try to create a PR with my code, with cmp v1 compatibility

@polo2ro polo2ro mentioned this issue Dec 1, 2020
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ReinoutStevens @polo2ro @jsnellbaker