Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accesses global variables: Prohibited read on global variable: google_tag_data.ics.entries. #5

Open
lewis-lynchpin opened this issue Oct 21, 2022 · 24 comments
Open

Accesses global variables: Prohibited read on global variable: google_tag_data.ics.entries. #5

lewis-lynchpin opened this issue Oct 21, 2022 · 24 comments

Comments

@lewis-lynchpin
Copy link

This error message is thrown unfortunately when simply trying to run the Preview in the Template editor. Subsequently the tag does not work as intended.

Any thoughts at all on how to resolve this?

Thanks in advance!
@simonmadsen
Copy link
Contributor

Onetrust have been wanting to update this CMP for half a year or more @jmpate

@ciejason
Copy link

ciejason commented Nov 7, 2022

I just ran into this issue also. Tried to add 'google_tag_data.ics.entries' to the permissions tab under "Access global variables", and got the following message

"The value must not start with any key predefined on global scope (i.e. in Window), or any JavaScript

@ciejason
Copy link

ciejason commented Nov 7, 2022

@lewis-lynchpin, I was able to get past the error by doing the following:

Removing the lines related to "google_tag_data.ics.entries", it seems @jmpate added that for debugging purposes only.

You also need to adjust the permissions on the default template:
updateGCM needs Read/Execute access as a global variable
https://cdn.cookielaw.org/* needs to be added to the allowed URL list under injected scripts permissions

@lewis-lynchpin
Copy link
Author

@ciejason Brilliant - that works!

Hopefully the plugin gets an update soon to resolve this, as for containers not managed exclusively by ourselves I'm wary of having a template that requires custom modifications.

@simonmadsen
Copy link
Contributor

@jmpate ?

@ciejason
Copy link

ciejason commented Nov 9, 2022

@lewis-lynchpin @simonmadsen @jmpate, I ran into another issue when testing my integration. Maybe I'm missing something, but at what point does the updateConsent method get called?

callInWindow('updateGCM',updateConsent);

Passes updateConsent to a method window.updateGCM, but that method doesn't seem to exist? (I thought maybe OneTrust's script would define it on the window).

The problem is that the consent is supposed to be updated before my other tags are triggered so that they can be blocked/allowed by the consent settings defined on the tag.

Looking at OneScript's minified code, I see this:
window.gtag(pe.consent, ge.update, t)

It appears to be updating my consent for each type (based on my selections/interaction with the cookies banner), but it does it too late in the process if I am not mistaken. See this note from Google's Docs https://developers.google.com/tag-platform/tag-manager/templates/consent-apis#update_consent_state

Any ideas?

@ciejason
Copy link

ciejason commented Nov 9, 2022

From OneTrust's documentation:

update commands will be sent when a user updates consent through the OneTrust CDN.
gtag('consent', 'update', {'ad_storage': 'granted'});
When your Google tags receive a gtag('consent', 'update') command that grants a previously denied consent type, they will adjust their subsequent behavior on the current page and may send additional requests with information about the consent state to help improve your data.

I'm reading this to mean that if your tag was triggered, and it is one that adjusts it's behavior based on the consent types granted, then everything will work as expected. This does not address tags that were not fired on page load. I'm at a loss of how to accomplish this, other than listening for the "OneTrustGroupUpdated" custom event detailed in the OneTrust knowledge base article "Cookie Consent Integration with Google Tag Manager". However, I thought the Google Consent mode was supposed to replace this method

@ciejason
Copy link

@simonmadsen @lewis-lynchpin , I was able to get a proof of concept working to synchronously grab the user's saved consent via OneTrust's OptanonConsent cookie. This is the recommended method in Google's documentation for creating a GTM Consent Mode Template. From https://developers.google.com/tag-platform/tag-manager/templates/consent-apis#update_consent_state

. If possible, it is preferable to use the template’s sandboxed code to read the user’s consent directly from the cookie(s) that store it instead of using external code to do this.

The only concern with this method would be if OneTrust ever changes the cookie name or format of the value stored. I'll post back once I'm able to run a few more tests.

@cbravo
Copy link

cbravo commented Nov 25, 2022
edited
Loading

@ciejason I just took a look at the global variables window.OneTrust and window.Optanon and there is a function there called UpdateGCM which looks like the function we are supposed to call. so I guess we need to update the code to point to window.OneTrust.UpdateGCM or window.Optanon.UpdateGCM instead of window.updateGCM. Note that you will have to also update the global variable permissions to include execute one OneTrust.UpdateGCM to reflect this change.

I am convinced this was the intention of @jmpate but unfortunately I still cannot get this to work even with this update.

@cbravo
Copy link

cbravo commented Nov 25, 2022
edited
Loading

Two things I noticed wrong with the update code:

  • it needs to be updated to use indexOf instead of find (array.find is not supported as documented here)
  • Pulling the value for OnetrustActiveGroups needs to be done with copyFromWindow not callFromWindow
const userGroups = copyFromWindow('OnetrustActiveGroups');
log('updateConsent');
const consentArray = userGroups.split(",");
log('==Active Groups==', consentArray);
const updateData = {
  ad_storage: consentArray.indexOf(data.adStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  analytics_storage: consentArray.indexOf(data.analyticsStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  functionality_storage: consentArray.indexOf(data.functionalityStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  personalization_storage: consentArray.indexOf(data.personalizationStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  security_storage: consentArray.indexOf(data.securityStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
};

updateConsentState(updateData);

I couldn't figure out how to get the callInWindow('OneTrust.UpdateGCM', updateConsent); to work so currently I have my setup working by splitting up the code into two templates. One template is for setting the default values and injecting the script and the second which fires on OneTrustGroupsUpdated handles updating the consent settings. I will see if I can get this to work as a single template.

@cbravo
Copy link

cbravo commented Dec 1, 2022
edited
Loading

OneTrust does seem to have this feature on the cookie banner and it DOES update consent properly so some of this is no longer needed HOWEVER it does not seem to set defaults for when users have not yet interacted with the banner at all. Consent is not set until the cookie OptanonAlertBoxClosed is set.
image

@ciejason
Copy link

ciejason commented Dec 2, 2022

Hi @simonmadsen and @cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here #5 (comment).

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's.
const otCookie = getCookie('OptanonConsent',true)[0];
const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams;
const otGroups = otCookieParams.groups;
log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

@cbravo
Copy link

cbravo commented Dec 2, 2022
edited
Loading

Something missing from this template out of the box is the ability to take advantage of any category mapping done on a geolocation basis for your defaults. For example if you are using multiple templates in onetrust (GDPR, CCPA for california) the cookie categories and how they map to each google consent category may be different. Instead of setting the defaults before injecting the onetrust script I wrote this small template that fires only once per page on the OneTrustLoaded event AFTER onetrust is loaded the very first time so that I can set the defaults based on the settings in OneTrust (see screenshot). If the user already has set their preferences OneTrust should set those right after and override these defaults so it should work in that case too. If you do use this code make sure to set permissions so that you have access to the appropriate globals.

image

log('setDefaultConsentState');
const consentArray = userGroups.split(",");
log('==Active Groups==', consentArray);

// this call gets the domain settings for one trust.
const consentMaping = callInWindow('OneTrust.GetDomainData').GoogleConsent;

const categoryMapping = {
  ad_storage : consentMaping.GCAdStorage,
  analytics_storage : consentMaping.GCAnalyticsStorage,
  functionality_storage: consentMaping.GCFunctionalityStorage,
  personalization_storage : consentMaping.GCPersonalizationStorage,
  security_storage : consentMaping.GCSecurityStorage,
};

const updateData = Object.keys(categoryMapping).reduce(function(acc, currItem){
  acc[currItem] = consentArray.indexOf(categoryMapping[currItem]) !== -1 ? CONSENT.granted : CONSENT.denied;
  return acc;
}, {});

log('==Update Data==', updateData);

setDefaultConsentState(updateData);

@thematan
Copy link

thematan commented Dec 8, 2022
edited
Loading

I really hope you

Hi @simonmadsen and @cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here #5 (comment).

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's. const otCookie = getCookie('OptanonConsent',true)[0]; const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams; const otGroups = otCookieParams.groups; log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

I really hope you'll succeed.
I tried some moves recommended here, but failed to make it work.
I can't believe we need to spend time and effort on paid product, it is absurd

@simonmadsen
Copy link
Contributor

OneTrust does seem to have this feature on the cookie banner and it DOES update consent properly so some of this is no longer needed HOWEVER it does not seem to set defaults for when users have not yet interacted with the banner at all. Consent is not set until the cookie OptanonAlertBoxClosed is set. image

@cbravo @ciejason (@lewis-lynchpin @jmpate @thematan)

the onetrust option for google consent works in all ways currently as i see it except for one thing.
it updates too late which means that only google supported tags fire correct when a) opening a new page after b) having consented on a previous page and c) using the built in option for consent in the custom html tags.

this means that for all non google tags using the all pages trigger (gtm.start/container loaded) the custom event trigger OneTrustGroupsUpdated must be applied.

alternatively all tags can be changed to trigger with window.loaded but that is an even less sub-optimal solution

TLDR: onetrust has done all the programming but sets previously set consent too late.

@ciejason i see you worked on a solution to this in your latest comment. any progress?

see pic for reference

image

@simonmadsen
Copy link
Contributor

Btw i just realized.
Even if the timing is improved for existing consent.
This still does not fix the initial consent which for non Google tags will require the onetrustupdated or what the name is event.
How do Google make their own tags work so well?
Hope it can be made for all tags.
But they might have set it at Analytics code level and not tag / virtual machine level. But i think the last and at least that should also be a solution, hence doable by us ourselves

@malpaso
Copy link

malpaso commented Mar 27, 2023

Hi @simonmadsen and @cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here #5 (comment).

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's. const otCookie = getCookie('OptanonConsent',true)[0]; const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams; const otGroups = otCookieParams.groups; log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

Hi, do you have any update on your progress?

@simonmadsen
Copy link
Contributor

simonmadsen commented Mar 27, 2023 via email

@ciejason
Copy link

@malpaso , I have a working solution that seemed to satisfy my particular need. I will post it towards the end of this week.

@simonmadsen
Copy link
Contributor

simonmadsen commented Mar 28, 2023 via email

@malpaso
Copy link

malpaso commented Mar 28, 2023

Do an update fork on GitHub? Include the changes in the fork i made?

This is exactly what I did already ;) But interested to see what @ciejason has done.

@malpaso
Copy link

malpaso commented Apr 5, 2023

@malpaso , I have a working solution that seemed to satisfy my particular need. I will post it towards the end of this week.

@ciejason Any chance you could post your solution?

@hello-nclvn
Copy link

@ciejason @malpaso Also curious about the solution; I'm struggling to integrate OneTrust with GCM via Tag Manager. Thanks so much in advance!

@simonmadsen
Copy link
Contributor

simonmadsen commented Jun 8, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@malpaso @simonmadsen @cbravo @thematan @ciejason @lewis-lynchpin @hello-nclvn