TCF Publisher Restriction support

[gilluminate]

Closes LJ-624

Description Of Changes

Adds support for TCF publisher restrictions when creating the TCF String

Code Changes

• Added tcf_publisher_restrictions to PrivacyExperience and PrivacyExperienceMinimal types
• Added TcfPublisherRestriction type definition
• Updated generateFidesString to handle publisher restrictions when generating TC string
• Added logic to process publisher restrictions in TC string generation
• Renamed experience state variable to experienceFull throughout TcfOverlay.tsx for clarity (I was getting confused reading through that file)

Steps to Confirm

Testing currently requires using branch LJ-625-add-tcf-publisher-restrictions-subquery to run your fidesplus backend.

1. Test that publisher restrictions are properly encoded in the TC string by:
   • Setting up a publisher restriction configuration in the admin UI (see below)
   • Enabling the TCF experience with the configuration you created selected in the TCF Configuration dropdown
   • Opening the TCF overlay on the Privacy Center demo page (eg. /fides-js-demo.html?geolocation=eea)
   • Accepting all preferences
   • Verifying the generated TC string contains the correct publisher restrictions by copying the TCF string from the cookie and pasting it in https://iabgpp.com and scrolling down to the very bottom of the page. As long as the IDs you entered are valid vendor IDs included in the experience, the list should reflect the restrictions you configured
2. Confirm that existing functionality (consent management, vendor preferences, etc.) continues to work as expected

Steps to setting up a publisher restriction configuration

1. Ensure the Publisher Restrictions feature flag is enabled in Admin UI
2. Ensure you have some vendors enabled. It's best if you know what their GVL vendor ID is.
3. Navigate to the consent settings page (/settings/consent)
4. Enable the Override vendor purposes toggle
5. Click the "Create configuration +" button. Give your config a name and save it.
6. Click an "Edit" button, which takes you to the Consent Configuration page
7. Click "Add restriction +"
8. Choose any of the options and follow the instructions. Any vendor ID you choose that's not a vendor added to the system will be ignored, so it's best if you use those ID's as you go.
9. Add another restriction if you want.
10. Use the breadcrumb to go back to the consent settings page.
11. Do similar for other purposes

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
fides-plus-nightly	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 1, 2025 3:18pm
fides-privacy-center	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 1, 2025 3:18pm

[eastandwestwind]

Looks good! Just 1 clarifying question for you @gilluminate , non-blocking

[eastandwestwind]

Nice code comment, thanks!

[eastandwestwind]

Can you tell me more about when we're expecting experiences to have tcf_publisher_restrictions defined? Is this going to be a migration or does this require manual Admin-UI work to populate this field?

[gilluminate]

This requires manual Admin-UI work. There needs to be a configuration added to the TCF experience and the only way to create a configuration if they have legacy in place, is to first remove the legacy. I have a loom I can send you explaining that process.

[eastandwestwind]

Oh yes! If you could send the loom, that would be great, especially as I do testing tomorrow

[cypress]

fides    Run #12889

Run Properties:   Passed #12889  •  be36cf8d2f: TCF Publisher Restriction support (#6102)

Project	fides
Branch Review	main
Run status	Passed #12889
Run duration	00m 56s
Commit	be36cf8d2f: TCF Publisher Restriction support (#6102)
Committer	Jason Gill
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	5
View all changes introduced in this branch ↗︎