2

I have this code for many years, implementing TCFv2 cookie consent with Google Funding Choices.

    window.googlefc.callbackQueue.push({
        'CONSENT_DATA_READY': function () {
            /* __tcfapi is undefined!! */
            return __tcfapi('addEventListener', 2, function (tcData, success) {
                if (success
                    && tcData.gdprApplies
                    && (tcData.eventStatus === 'tcloaded' || tcData.eventStatus === 'useractioncomplete')
                    && tcData.purpose.consents[1]) {
                    ...
                }
            });
        }
    });

It works 99.99% of the time, it has appeared so.

However, today, one of my Chrome profiles seem to have got "broken", in that whenever this CONSENT_DATA_READY event is triggered, __tcfapi is not defined.

I tried a number of things, like making sure all extensions are disabled, close Chrome and re-open it, clear just my domain's cookies, etc, but nothing worked. All other Chrome profiles were working well all the time.

error in DevTools

I compared the "Sources" tab in DevTools between two Chrome profiles (on the same webpage), and the one working well had a few more scripts loaded and iframes loaded (TCF-specific iframes).

Only when I cleared all the cookies (including the "google.com" scoped cookies), this issue got fixed.

--

I've just released a temporary piece of code, that checks if __tcfapi is undefined in that spot and reports that to the server (this user data will be fully erased as soon as this test is complete), and I see that a small subset of my users is having this issue right now.

EDIT 18 Dec - 181 distinct European users reported so far.

--

I'm not able to find any solution by doing some research. I found someone on Reddit (in the comments) having the same issue as me, and they "resolved" by just removing the event. Other places that report issues with __tcfapi seem to be a slightly different error, like __tcfapi is not a function, which is not the issue I'm having.

--

This looks like it's a bug from Google Funding Choices, but does anyone have any idea how to "auto-fix" this or what can I do so that these users will stop getting this error and proceed as expected?

Nuno
  • 3,082
  • 5
  • 38
  • 58

1 Answers1

0

NB: This is a complete re-edit to reflect the discussion with the questioner.

Some thoughts.

On Error 2.1a

I first suspected that your problem may correspond to Error 2.1a, which is also indicated by the discussion in the GFC community thread you pointed at. The suggested official solution would be to check whether getTCData returns TCData.eventStatus = 'tcloaded' first.

That may work in other cases, however you pointed out -- and added corresponding code -- that you already check on tcloaded but the problem of an undefined __tcfapi seems to occur even before that flag is even created.

Another look on the problem's origin

The GFC community thread of 2020, the TCFv2 standardization history and the circumstance that the thread has been closed indicate that the problem mainly existed before the final implementation of TFCv2 in Google Funding Choices. That corresponds to the fact that the described behavior infringes the TCFv2 Specification in the following:

Every consent manager MUST provide the following API function: __tcfapi(command, version, callback, parameter). The function __tcfapi must always be a function and cannot be any other type, even if only temporarily on initialization – the API must be able to handle calls at all times.

However, it's not unreasonable that there are still some older implementations out there in the wild which may cause this problem at some clients.

Interestingly enough, you observed that on your side one of your Chrome profiles got "broken" in the described way and only the clearing of all cookies, incl. the "google.com" scoped ones, fixed the issue.

And now?

At first it would be interesting to check for

  • the tcfPolicyVersion used by the problematic clients, and
  • differences between the temporarily "broken" Chrome profile and the other, working ones.

It also can't hurt to take a look on the official site on Publisher integration with the IAB TCF v2.0 in case some useful gem is hidden which we currently overlook.

On the other hand it could well be that this -- probably rare -- problem will resolve by itself over time when

  • all clients have been updated and support the final implementation of TCFv2, and/or
  • your affected users either someday delete all their Google domained cookies themselves or those time out, and fresh cookies get introduced.

It seems reasonable to assume, that your current patch -- to check whether __tcfapi is undefined -- may be indeed a (fairish) suitable fix, at least for now.

Krokomot
  • 3,208
  • 2
  • 4
  • 20
  • Thank you for your reply. Really appreciate it. I do already check for `tcData.eventStatus === 'tcloaded'`, but that's inside the event listener that is created with `__tcfapi('addEventListener', 2, function (tcData, success) {`, which cannot be created because `__tcfapi` is undefined inside `'CONSENT_DATA_READY': function () {`. So the problem is before that flag can even be checked. – Nuno Dec 23 '22 at 08:18
  • Maybe you can rewrite the function such that you test on `tcloaded` before the problematic line. It's a bit more lines, but maybe worth a try. And of course thought No.2 remains, though you wouldn't be able to do much in that case. – Krokomot Dec 23 '22 at 08:25
  • Okok, I get your last point. Have to think about it. I will try to update if I find something useful. – Krokomot Dec 23 '22 at 09:29
  • I updated the code in my original post above. You'll see that `tcData` can only be accessed inside. I just don't have access to it before doing anything with `__tcfapi` which is undefined. Thanks! Good day. – Nuno Dec 23 '22 at 09:34
  • Weirdly enough your code resembles the approach on the official https://developers.google.com/funding-choices/fc-api-docs#using_funding_choices_with_the_iab_tcf_v2_for_gdpr. Please try, for debugging reasons, to replace your code which adds the event listener with exactly the code given in the reference. – Krokomot Dec 23 '22 at 10:34
  • If that *also* fails, than it indeed seems to confirm my thought No.2 about some clients with a non-final implementation of TCFv2, as the standard says, that __tcfapi MUST always be provided and must be able to handle calls at all times: https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#how-does-the-cmp-provide-the-api – Krokomot Dec 23 '22 at 10:34
  • Oh, I didn't ask an obvious question -- Can you share information on the one Chrome Profile that got "broken"? What's the main diffeence to the other profiles? – Krokomot Dec 23 '22 at 11:30
  • The example is just written in ES6. It's really the same code effectively anyway. Yeah, I've no idea what would have been different in the Chrome profile!! Just the cookies, and even so, I didn't understand what was so different about them. It's always been working fine, until it suddenly broke, and once I cleared the Google domain cookies on my website, it started working again... :/ – Nuno Dec 23 '22 at 16:24
  • Re-Edited my answer to reflect the discussion and deleted my last two comments as obsolete. – Krokomot Dec 25 '22 at 13:37
  • Hey. Even though we didn't seem to find the reason & fix, I really appreciate you spent some good time helping me and you really tried. So... take my +200 rep reward. Thank you very much for everything. In the meantime, I'll continue to see what can be done. Thanks for the tip about `tcfPolicyVersion` - I'll see if I can make the code look at it, etc. – Nuno Dec 26 '22 at 01:09