refactor (fix) 1.5.7 use hosted vendorlist by default

CHANGELOG.md

@@ -1,3 +1,11 @@
+## [1.5.7](https://github.com/openmail/system1-cmp/compare/v1.5.6...v1.5.7) (2020-08-17)
+
+### Fix
+
+- [x] Default to hosted vendorlist since IAB removed their global v1 vendorlist
+- [x] Check for IAB global vendor list location and remove if manually set
+- [x] Add SameSite;secure cookie props for http and https
+
 ## [1.5.6](https://github.com/openmail/system1-cmp/compare/v1.5.5...v1.5.6) (2020-06-23)
 
 ### Translations

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "system1-cmp",
-	"version": "1.5.6",
+	"version": "1.5.7",
 	"description": "System1 Consent Management Platform for TCF 1.1 GDPR Compliance",
 	"scripts": {
 		"clean": "rimraf ./dist",
@@ -13,10 +13,10 @@
 		"deploy": "yarn clean  && yarn deploy:original && yarn deploy:s1",
 		"build:original": "cross-env NODE_ENV=production webpack --progress --config config/webpack.config.babel.js",
 		"deploy:original": "yarn build:original && yarn upload:original",
-		"upload:original": "cross-var s3-deploy './dist/{*.?(js|html),docs/**}' --cwd './dist' --region us-west-2 --bucket s1-layout-cdn/cmp --gzip --cache 1440 --invalidate '/cmp/*.js /cmp/* /cmp/docs/*'",
+		"upload:original": "cross-var s3-deploy './dist/{*.?(js|html),docs/**}' --cwd './dist' --region us-west-2 --bucket s1-layout-cdn/cmp --gzip --cache 1440 --distId E5JQ1CRXXPTKM --invalidate '/cmp/*.js /cmp/* /cmp/docs/*'",
 		"build:s1": "cross-env NODE_ENV=production webpack --progress --config config/s1.webpack.config.babel.js",
 		"deploy:s1": "yarn build:s1 && yarn upload:s1",
-		"upload:s1": "cross-var s3-deploy './dist/$npm_package_version/**' --cwd './dist/$npm_package_version' --region us-west-2 --bucket s1-layout-cdn/cmp/$npm_package_version --gzip --preventUpdates --immutable",
+		"upload:s1": "cross-var s3-deploy './dist/$npm_package_version/**' --cwd './dist/$npm_package_version' --region us-west-2 --bucket s1-layout-cdn/cmp/$npm_package_version --gzip --cache 1440 --distId E5JQ1CRXXPTKM --invalidate '/cmp/$npm_package_version'",
 		"prebuild": "npm run clean && mkdirp dist",
 		"test": "npm run -s lint && jest --coverage",
 		"test:watch": "npm run -s test -- --watch",

src/lib/config.js

@@ -10,7 +10,7 @@ const defaultConfig = {
 	cookieDomain: null,
 	customPurposeListLocation: null, // './purposes.json',
 	// The location of the latest vendorlist to use.
-	globalVendorListLocation: 'https://vendorlist.consensu.org/vendorlist.json',
+	globalVendorListLocation: `https://s.flocdn.com/cmp/${VERSION}/config/vendorlist.json`,
 	globalConsentLocation: './portal.html',
 	pubVendorListLocation: null,
 	storeConsentGlobally: false,
@@ -31,6 +31,10 @@ class Config {
 	}
 
 	update = (updates) => {
+		if (updates && updates.globalVendorListLocation === 'https://vendorlist.consensu.org/vendorlist.json') {
+			delete updates.globalVendorListLocation;
+		}
+
 		if (updates && typeof updates === 'object') {
 			const validKeys = Object.keys(defaultConfig);
 			const { validUpdates, invalidKeys } = Object.keys(updates).reduce(

src/lib/cookie/cookie.js

@@ -5,7 +5,7 @@ import {
 	encodeVendorCookieValue,
 	decodeVendorCookieValue,
 	encodePublisherCookieValue,
-	decodePublisherCookieValue
+	decodePublisherCookieValue,
 } from './cookieutils';
 
 import { sendPortalCommand } from '../portal';
@@ -72,7 +72,7 @@ function convertVendorsToRanges(maxVendorId, selectedIds) {
 			ranges.push({
 				isRange: typeof endVendorId === 'number',
 				startVendorId,
-				endVendorId
+				endVendorId,
 			});
 		}
 	}
@@ -89,7 +89,7 @@ function encodeVendorConsentData(vendorData) {
 		maxVendorId,
 		purposeIdBitString: encodePurposeIdsToBits(purposes, selectedPurposeIds),
 		isRange: false,
-		vendorIdBitString: encodeVendorIdsToBits(maxVendorId, selectedVendorIds)
+		vendorIdBitString: encodeVendorIdsToBits(maxVendorId, selectedVendorIds),
 	});
 
 	const vendorRangeList = convertVendorsToRanges(maxVendorId, selectedVendorIds);
@@ -100,7 +100,7 @@ function encodeVendorConsentData(vendorData) {
 		isRange: true,
 		defaultConsent: false,
 		numEntries: vendorRangeList.length,
-		vendorRangeList
+		vendorRangeList,
 	});
 
 	return noRangesData.length < rangesData.length ? noRangesData : rangesData;
@@ -121,7 +121,7 @@ function decodeVendorConsentData(cookieValue) {
 		isRange,
 		defaultConsent,
 		vendorIdBitString,
-		vendorRangeList
+		vendorRangeList,
 	} = decodeVendorCookieValue(cookieValue);
 
 	const cookieData = {
@@ -134,7 +134,7 @@ function decodeVendorConsentData(cookieValue) {
 		selectedPurposeIds: decodeBitsToIds(purposeIdBitString),
 		maxVendorId,
 		created,
-		lastUpdated
+		lastUpdated,
 	};
 
 	if (isRange) {
@@ -168,7 +168,7 @@ function encodePublisherConsentData(publisherData) {
 		...publisherData,
 		numCustomPurposes: customPurposes.length,
 		standardPurposeIdBitString: encodePurposeIdsToBits(purposes, selectedPurposeIds),
-		customPurposeIdBitString: encodePurposeIdsToBits(customPurposes, selectedCustomPurposeIds)
+		customPurposeIdBitString: encodePurposeIdsToBits(customPurposes, selectedCustomPurposeIds),
 	});
 }
 
@@ -180,7 +180,7 @@ function decodePublisherConsentData(cookieValue) {
 		publisherPurposeVersion,
 		created,
 		lastUpdated,
-		customPurposeIdBitString
+		customPurposeIdBitString,
 	} = decodePublisherCookieValue(cookieValue);
 
 	return {
@@ -190,7 +190,7 @@ function decodePublisherConsentData(cookieValue) {
 		publisherPurposeVersion,
 		created,
 		lastUpdated,
-		selectedCustomPurposeIds: decodeBitsToIds(customPurposeIdBitString)
+		selectedCustomPurposeIds: decodeBitsToIds(customPurposeIdBitString),
 	};
 }
 
@@ -199,10 +199,7 @@ function readCookie(name) {
 	const parts = value.split(`; ${name}=`);
 
 	if (parts.length === 2) {
-		return parts
-			.pop()
-			.split(';')
-			.shift();
+		return parts.pop().split(';').shift();
 	}
 }
 
@@ -211,7 +208,8 @@ function writeCookie(name, value, maxAgeSeconds, path = '/') {
 	const expires =
 		maxAgeSeconds === null ? '' : ';expires=' + new Date(new Date() * 1 + maxAgeSeconds * 1000).toUTCString();
 	// System1:start getCookieDomain customized to work as *.somedomain by default
-	const cookie = `${name}=${value}${getCookieDomain()};path=${path}${maxAge}${expires}`;
+	const secure = global.location && global.location.protocol === 'http:' ? ';SameSite=Lax' : ';SameSite=None;secure';
+	const cookie = `${name}=${value}${getCookieDomain()};path=${path}${maxAge}${expires}${secure}`;
 	document.cookie = cookie;
 	return cookie;
 	// System1:end
@@ -247,15 +245,15 @@ function writePublisherConsentCookie(publisherConsentData) {
 function readGlobalVendorConsentCookie() {
 	log.debug('Request consent data from global cookie');
 	return sendPortalCommand({
-		command: 'readVendorConsent'
+		command: 'readVendorConsent',
 	})
-		.then(result => {
+		.then((result) => {
 			log.debug('Read consent data from global cookie', result);
 			if (result) {
 				return decodeVendorConsentData(result);
 			}
 		})
-		.catch(err => {
+		.catch((err) => {
 			log.error('Failed reading global vendor consent cookie', err);
 		});
 }
@@ -272,8 +270,8 @@ function writeGlobalVendorConsentCookie(vendorConsentData) {
 		command: 'writeVendorConsent',
 		encodedValue: encodeVendorConsentData(vendorConsentData),
 		vendorConsentData,
-		cmpVersion: pack.version
-	}).catch(err => {
+		cmpVersion: pack.version,
+	}).catch((err) => {
 		log.error('Failed writing global vendor consent cookie', err);
 	});
 }
@@ -336,5 +334,5 @@ export {
 	readPublisherConsentCookie,
 	writePublisherConsentCookie,
 	PUBLISHER_CONSENT_COOKIE_NAME,
-	VENDOR_CONSENT_COOKIE_NAME
+	VENDOR_CONSENT_COOKIE_NAME,
 };