Skip to content

Unexpected getObject() results since 3.1.3 #72

New issue
New issue
Open
Open
Unexpected getObject() results since 3.1.3#72
Labels
bugSomething isn't workingreviewedFor library maintainers only. Indicates that this issue was reviewed.
@Brayyy

Description

@Brayyy
Brayyy
opened on Dec 20, 2024

Senario:

  • We use this NPM package in a back-end Node.js service
  • We are not responsible for generating the GPP string, only processing it
  • We have no ability to force the end-user to use a specific version of the package when generating the GPP string

I'm working on updating our back-end service to use the latest version (3.1.5), but I'm finding unexpected results since 3.1.3.

My implementation is very basic:

// Setup...
// CmpApi is not designed to work with NodeJs. mock the window object
global.window = {};
global.window.__gpp = () => null;
const cmpApi = new CmpApi(1, 3);

// Usage per request...
cmpApi.setGppString(gppStr);
const gppObj = cmpApi.getObject();

Here three randomly chosen GPP strings, and the results of getObject() for versions 3.1.1 through 3.1.5:

String: DBABrw~BVQqAAAACgA.QA~BUoAAAKA.QA
Version: 3.1.1 {"usnatv1":{"Version":1,"SharingNotice":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"TargetedAdvertisingOptOutNotice":1,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":2,"SharingOptOut":2,"TargetedAdvertisingOptOut":2,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":2,"MspaCoveredTransaction":2,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false},"uscav1":{"Version":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"SensitiveDataLimitUseNotice":0,"SaleOptOut":2,"SharingOptOut":2,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":2,"MspaCoveredTransaction":2,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.2 {"usnat":{"Version":1,"SharingNotice":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"TargetedAdvertisingOptOutNotice":1,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":2,"SharingOptOut":2,"TargetedAdvertisingOptOut":2,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":2,"MspaCoveredTransaction":2,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false},"usca":{"Version":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"SensitiveDataLimitUseNotice":0,"SaleOptOut":2,"SharingOptOut":2,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":2,"MspaCoveredTransaction":2,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.3 {"usnat":[{"Version":1,"SharingNotice":0,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"TargetedAdvertisingOptOutNotice":0,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"TargetedAdvertisingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0},{"GpcSegmentType":1,"Gpc":false}],"usca":[{"Version":1,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0},{"GpcSegmentType":1,"Gpc":false}]}
Version: 3.1.4 {"usnat":{"Version":1,"SharingNotice":0,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"TargetedAdvertisingOptOutNotice":0,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"TargetedAdvertisingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false},"usca":{"Version":1,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.5 {"usnat":{"Version":1,"SharingNotice":0,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"TargetedAdvertisingOptOutNotice":0,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"TargetedAdvertisingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false},"usca":{"Version":1,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}

String: DBABL~BVVKqqqqgg
Version: 3.1.1 {"usnatv1":{"Version":1,"SharingNotice":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"TargetedAdvertisingOptOutNotice":1,"SensitiveDataProcessingOptOutNotice":1,"SensitiveDataLimitUseNotice":1,"SaleOptOut":0,"SharingOptOut":2,"TargetedAdvertisingOptOut":2,"SensitiveDataProcessing":[2,2,2,2,2,2,2,2,2,2,2,2],"KnownChildSensitiveDataConsents":[2,0],"PersonalDataConsents":0,"MspaCoveredTransaction":2,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.2 {"usnat":{"Version":1,"SharingNotice":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"TargetedAdvertisingOptOutNotice":1,"SensitiveDataProcessingOptOutNotice":1,"SensitiveDataLimitUseNotice":1,"SaleOptOut":0,"SharingOptOut":2,"TargetedAdvertisingOptOut":2,"SensitiveDataProcessing":[2,2,2,2,2,2,2,2,2,2,2,2],"KnownChildSensitiveDataConsents":[2,0],"PersonalDataConsents":0,"MspaCoveredTransaction":2,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.3 {"usnat":[{"Version":1,"SharingNotice":0,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"TargetedAdvertisingOptOutNotice":0,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"TargetedAdvertisingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0},{"GpcSegmentType":1,"Gpc":false}]}
Version: 3.1.4 {"usnat":{"Version":1,"SharingNotice":0,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"TargetedAdvertisingOptOutNotice":0,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"TargetedAdvertisingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.5 {"usnat":{"Version":1,"SharingNotice":0,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"TargetedAdvertisingOptOutNotice":0,"SensitiveDataProcessingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"TargetedAdvertisingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}

String: DBABBg~BUUAAAFY.YA
Version: 3.1.1 {"uscav1":{"Version":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"SensitiveDataLimitUseNotice":0,"SaleOptOut":1,"SharingOptOut":1,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":1,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":1,"MspaServiceProviderMode":2,"GpcSegmentType":1,"Gpc":true}}
Version: 3.1.2 {"usca":{"Version":1,"SaleOptOutNotice":1,"SharingOptOutNotice":1,"SensitiveDataLimitUseNotice":0,"SaleOptOut":1,"SharingOptOut":1,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":1,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":1,"MspaServiceProviderMode":2,"GpcSegmentType":1,"Gpc":true}}
Version: 3.1.3 {"usca":[{"Version":1,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0},{"GpcSegmentType":1,"Gpc":false}]}
Version: 3.1.4 {"usca":{"Version":1,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}
Version: 3.1.5 {"usca":{"Version":1,"SaleOptOutNotice":0,"SharingOptOutNotice":0,"SensitiveDataLimitUseNotice":0,"SaleOptOut":0,"SharingOptOut":0,"SensitiveDataProcessing":[0,0,0,0,0,0,0,0,0],"KnownChildSensitiveDataConsents":[0,0],"PersonalDataConsents":0,"MspaCoveredTransaction":1,"MspaOptOutOptionMode":0,"MspaServiceProviderMode":0,"GpcSegmentType":1,"Gpc":false}}

The user has clearly has the SaleOptOut/SharingOptOut/KnownChildSensitiveDataConsents set non-zero, but later package versions are returning a negative indicator for these keys. I can pass these strings into https://iabgpp.com and https://www.gppdecoder.com, and they return as expected.

Is there something I'm missing here? I found a lot of bumpy/breaking updates in the last few patch versions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingreviewedFor library maintainers only. Indicates that this issue was reviewed.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions