ENG-3447: Add att_exempt support to FidesJS consent overlay #8030
Adds a boolean att_exempt column to privacynotice, privacynoticehistory, and privacynoticetemplate. When false (default), the notice is controlled by Apple's ATT prompt — automatically disabled and locked when the user denies tracking. When true, the notice is exempt and remains user-toggleable regardless of ATT. Includes Alembic migration and schema update.
Adds a new fides_att_denied option that, when true, automatically disables (locks to opt_out) any privacy notice where att_exempt is false or unset. Notices with att_exempt: true remain interactive regardless of ATT status. This enables the Janus mobile SDK to pass ATT denial status to the embedded consent experience so that ATT-controlled notices are locked consistently in both standard and TCF overlay flows.
When fides_att_denied=true, extend the UI lock beyond custom notices to cover all IAB TCF purposes and vendors. Only notices with att_exempt=true remain user-toggleable; everything else is disabled.
- TcfOverlay: pass fidesAttDenied down into TcfTabs
- TcfTabs: thread attDenied prop to TcfPurposes and TcfVendors
- TcfPurposes: set disabled=attDenied on all consent/legint purpose records
- TcfVendors: set disabled=attDenied on all vendor records in PagedVendorData
…Accept/Reject All

When fides_att_denied=true, non-exempt custom notices must be locked at opt-out. The disabled flag correctly prevents UI interaction, but handleAcceptAll and handleRejectAll both preserved disabled-but-opted-in notices (a pattern needed for notice_only notices). For returning users whose FidesJS cookie had non-exempt notices as opted-in, this caused Accept All and Reject All to silently save those notices as opted-in despite ATT denial.

Fix: filterAttDeniedFromDraft() strips non-exempt ATT notices from the draft at initialization, before the cookie value can pollute draftIds. The existing accept/reject logic then works correctly without any ATT-specific branching — the notices simply aren't in the draft to be "preserved". notice_only and att_exempt notices are kept in the draft unchanged.
768a0b6 to 3e43d7a
gilluminate left a comment
This PR adds non-trivial state-stripping logic with two large explanatory comments, but no unit tests or e2e tests. Let's make sure to include those as passing before merging.
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## ENG-3447/att-notice-exempt-field #8030 +/- ##
===================================================================
Coverage ? 85.17%
===================================================================
Files ? 637
Lines ? 41973
Branches ? 4934
===================================================================
Hits ? 35752
Misses ? 5112
Partials ? 1109
Added tests and they are passing 👍
eastandwestwind left a comment
Can we actually prevent a notice-only notice from having att_exempt set? It might be confusing to the user if they can set it but it doesn't have an effect down the line?
…CHANGELOG.md edit
The validation becomes a little tricky for this because we would not only have to prevent att_exempt from being set to false for notice_only rows, we would also have to enforce it is true and stays true when they set that. Nothing the user sets can actually create a bug condition though, so I think it's ok.
eastandwestwind left a comment
would be great to extract these fidesAttStatus strings as enum, but if this is too involved we can follow up in separate ticket
Made Jason's requested changes and also got another review. Jason is OOO
Ticket ENG-3447

Description Of Changes

Adds fides_att_denied as a FidesJS override option. When true, privacy notices where att_exempt is false (or unset) are automatically disabled (toggle locked, opt_out) in both the standard and TCF overlay flows. Notices with att_exempt: true remain interactive regardless.

This is the FidesJS counterpart to the model/migration PR, and unblocks the Janus mobile SDK (ENG-3380) from implementing native ATT integration — the mobile SDK will pass fides_att_denied=true to the embedded consent URL after the user denies Apple's ATT prompt.

Depends on: #8029 (model + migration)

Code Changes

- att_exempt?: boolean to PrivacyNotice type in consent-types.ts
- fidesAttDenied: boolean to FidesInitOptions and FidesInitOptionsOverrides
- fides_att_denied in FIDES_OVERRIDE_OPTIONS_VALIDATOR_MAP (boolean, accepted as URL param)
- NoticeOverlay.tsx and TcfOverlay.tsx — disabled is true when fidesAttDenied && !notice.att_exempt
- fidesAttDenied: false in init-utils.ts
- fides-options.ts

Steps to Confirm

- embedded-consent.html?fides_att_denied=true with an experience that has mixed att_exempt notices
- att_exempt: false have their toggles disabled and locked
- att_exempt: true remain interactive

Pre-Merge Checklist

- CHANGELOG.md updated