Add new option for disabling notices-served api in FidesJS (#4965)

CHANGELOG.md

@@ -19,6 +19,7 @@ The types of changes are:
 
 ### Added
 - Added model and data migrations and CRUD-layer operations for property-specific messaging [#4901](https://github.com/ethyca/fides/pull/4901)
+- Added option in FidesJS SDK to only disable notice-served API [#4965](https://github.com/ethyca/fides/pull/4965)
 
 ### Changed
 - Move new data map reporting table out of beta and remove old table from Data Lineage map. [#4963](https://github.com/ethyca/fides/pull/4963)

clients/fides-js/docs/interfaces/FidesOptions.md

@@ -64,7 +64,17 @@ Defaults to `false`.
 
 > **fides\_disable\_save\_api**: `boolean`
 
-When `true`, disable FidesJS from saving user consent preferences to the Fides API
+When `true`, disable FidesJS from saving user consent preferences to the Fides API.
+
+Defaults to `false`.
+
+***
+
+### fides\_disable\_notices\_served\_api
+
+> **fides\_disable\_notices\_served\_api**: `boolean`
+
+When `true`, only disable FidesJS from saving notices served to the Fides API.
 
 Defaults to `false`.
 
@@ -116,7 +126,7 @@ Defaults to `false`.
 > **fides\_locale**: `string`
 
 Override the browser's preferred locale (`navigator.language`) when
-selecting the best translations for the FidesJS UI. 
+selecting the best translations for the FidesJS UI.
 
 Must be set to a `string` that is a valid language code (e.g. `"en-US"`,
 `"fr"`, `"zh-CN"`). See https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language
@@ -132,7 +142,7 @@ Defaults to `undefined`.
 Override the current user's `fides_string` consent preferences (see [Fides.fides_string](Fides.md#fides_string)). Can be used to synchronize consent preferences for a
 registered user from a custom backend, where the `fides_string` could be
 provided by the server across multiple devices, etc.
-selecting the best translations for the FidesJS UI. 
+selecting the best translations for the FidesJS UI.
 
 Defaults to `undefined`.
 
@@ -147,6 +157,6 @@ will always default this value to `true` (since the TCF experience will
 typically only be enabled in locations where GDPR applies), but this can be
 overriden at the page-level as needed. Only applicable to a TCF experience.
 
-For more details, see the [TCF CMP API technical specification](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#what-does-the-gdprapplies-value-mean)  * 
+For more details, see the [TCF CMP API technical specification](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#what-does-the-gdprapplies-value-mean)  *
 
 Defaults to `true`.

clients/fides-js/src/docs/fides-options.ts

@@ -39,42 +39,49 @@ export interface FidesOptions {
    * When `true`, deletes the `fides_consent` cookie when FidesJS is
    * initialized, to clear any previously saved consent preferences from the
    * user's device.
-   * 
+   *
    * Defaults to `false`.
-  */
+   */
   fides_clear_cookie: boolean;
 
   /**
    * When `true`, disable the FidesJS banner from being shown.
-   * 
+   *
    * Defaults to `false`.
-   */ 
+   */
   fides_disable_banner: boolean;
 
   /**
-   * When `true`, disable FidesJS from saving user consent preferences to the Fides API
-   * 
+   * When `true`, disable FidesJS from saving user consent preferences to the Fides API.
+   *
    * Defaults to `false`.
-   */ 
+   */
   fides_disable_save_api: boolean;
 
+  /**
+   * When `true`, only disable FidesJS from saving notices served to the Fides API.
+   *
+   * Defaults to `false`.
+   */
+  fides_disable_notices_served_api: boolean;
+
   /**
    * When `true`, require FidesJS to "embed" it's UI into a specific `<div>` on
    * the page, instead of as an overlay over the `<body>` itself. This is useful
    * for creating a dedicated page to manage consent preferences on your site.
    * Both the consent modal and the banner will be embedded into the container.
    * To only embed the consent modal, set `fides_disable_banner` to `true`.
-   * 
+   *
    * To use the `fides_embed` option, ensure that a DOM element with
    * `id="fides-embed-container"` exists on the page, which FidesJS will then
    * use as the parent element to render within.
    *
    * NOTE: If you're using a JavaScript framework (e.g. React), ensure that you
    * do not re-render the parent `<div>` element, as this could remove the
    * FidesJS UI fully from the page!
-   * 
+   *
    * Defaults to `false`.
-   * 
+   *
    * @example
    * ```html
    * <head>
@@ -92,24 +99,24 @@ export interface FidesOptions {
    *   </div>
    * </body>
    * ```
-   */ 
+   */
   fides_embed: boolean;
 
   /**
    * Override the browser's preferred locale (`navigator.language`) when
-   * selecting the best translations for the FidesJS UI. 
-   * 
+   * selecting the best translations for the FidesJS UI.
+   *
    * Must be set to a `string` that is a valid language code (e.g. `"en-US"`,
    * `"fr"`, `"zh-CN"`). See https://developer.mozilla.org/en-US/docs/Web/API/Navigator/language
-   * 
+   *
    * Defaults to `undefined`.
    */
   fides_locale: string;
 
   /**
    * TODO (PROD-1887): Add docs for using this option. Once added, remove the
    * @internal tag and rebuild!
-   * 
+   *
    * @internal
    */
   fides_primary_color: string;
@@ -119,8 +126,8 @@ export interface FidesOptions {
    * Fides.fides_string}). Can be used to synchronize consent preferences for a
    * registered user from a custom backend, where the `fides_string` could be
    * provided by the server across multiple devices, etc.
-   * selecting the best translations for the FidesJS UI. 
-   * 
+   * selecting the best translations for the FidesJS UI.
+   *
    * Defaults to `undefined`.
    */
   fides_string: string;
@@ -130,10 +137,10 @@ export interface FidesOptions {
    * will always default this value to `true` (since the TCF experience will
    * typically only be enabled in locations where GDPR applies), but this can be
    * overriden at the page-level as needed. Only applicable to a TCF experience.
-   * 
-   * For more details, see the [TCF CMP API technical specification](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#what-does-the-gdprapplies-value-mean)  * 
-   * 
+   *
+   * For more details, see the [TCF CMP API technical specification](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#what-does-the-gdprapplies-value-mean)  *
+   *
    * Defaults to `true`.
    */
   fides_tcf_gdpr_applies: boolean;
-};
+}

clients/fides-js/src/fides-tcf.ts

@@ -237,6 +237,7 @@ const _Fides: FidesGlobal = {
     tcfEnabled: true,
     fidesEmbed: false,
     fidesDisableSaveApi: false,
+    fidesDisableNoticesServedApi: false,
     fidesDisableBanner: false,
     fidesString: null,
     apiOptions: null,

clients/fides-js/src/fides.ts

@@ -175,6 +175,7 @@ const _Fides: FidesGlobal = {
     tcfEnabled: false,
     fidesEmbed: false,
     fidesDisableSaveApi: false,
+    fidesDisableNoticesServedApi: false,
     fidesDisableBanner: false,
     fidesString: null,
     apiOptions: null,

clients/fides-js/src/lib/consent-constants.ts

@@ -43,6 +43,12 @@ export const FIDES_OVERRIDE_OPTIONS_VALIDATOR_MAP: {
     overrideKey: "fides_disable_save_api",
     validationRegex: /^(true|false)$/,
   },
+  {
+    overrideName: "fidesDisableNoticesServedApi",
+    overrideType: "boolean",
+    overrideKey: "fides_disable_notices_served_api",
+    validationRegex: /^(true|false)$/,
+  },
   {
     overrideName: "fidesDisableBanner",
     overrideType: "boolean",

clients/fides-js/src/lib/consent-types.ts

@@ -85,6 +85,9 @@ export interface FidesInitOptions {
   // Whether we should disable saving consent preferences to the Fides API.
   fidesDisableSaveApi: boolean;
 
+  // Whether we should only disable saving notices served to the Fides API.
+  fidesDisableNoticesServedApi: boolean;
+
   // Whether we should disable the banner
   fidesDisableBanner: boolean;
 
@@ -667,6 +670,7 @@ export type FidesInitOptionsOverrides = Pick<
   FidesInitOptions,
   | "fidesString"
   | "fidesDisableSaveApi"
+  | "fidesDisableNoticesServedApi"
   | "fidesEmbed"
   | "fidesDisableBanner"
   | "fidesTcfGdprApplies"

clients/fides-js/src/lib/hooks/useConsentServed.ts

@@ -31,8 +31,8 @@ export const useConsentServed = ({
 
   const handleUIEvent = useCallback(
     async (event: FidesEvent) => {
-      // Disable the notices-served API if the fides_disable_save_api option is set
-      if (options.fidesDisableSaveApi) {
+      // Disable the notices-served API if the fides_disable_save_api option or fides_disable_notices_served_api option is set
+      if (options.fidesDisableSaveApi || options.fidesDisableNoticesServedApi) {
         return;
       }
 

clients/privacy-center/app/server-environment.ts

@@ -48,6 +48,7 @@ export type PrivacyCenterClientSettings = Pick<
   | "PRIVACY_CENTER_URL"
   | "FIDES_EMBED"
   | "FIDES_DISABLE_SAVE_API"
+  | "FIDES_DISABLE_NOTICES_SERVED_API"
   | "FIDES_DISABLE_BANNER"
   | "FIDES_TCF_GDPR_APPLIES"
   | "FIDES_STRING"
@@ -316,6 +317,7 @@ export const loadPrivacyCenterEnvironment = async ({
     PRIVACY_CENTER_URL: settings.PRIVACY_CENTER_URL,
     FIDES_EMBED: settings.FIDES_EMBED,
     FIDES_DISABLE_SAVE_API: settings.FIDES_DISABLE_SAVE_API,
+    FIDES_DISABLE_NOTICES_SERVED_API: settings.FIDES_DISABLE_NOTICES_SERVED_API,
     FIDES_DISABLE_BANNER: settings.FIDES_DISABLE_BANNER,
     FIDES_TCF_GDPR_APPLIES: settings.FIDES_TCF_GDPR_APPLIES,
     FIDES_STRING: settings.FIDES_STRING,

clients/privacy-center/app/server-utils/PrivacyCenterSettings.ts

@@ -24,6 +24,7 @@ export interface PrivacyCenterSettings {
   PRIVACY_CENTER_URL: string; // e.g. http://localhost:3001
   FIDES_EMBED: boolean | false; // (optional) Whether we should "embed" the fides.js overlay UI (ie. “Layer 2”) into a web page
   FIDES_DISABLE_SAVE_API: boolean | false; // (optional) Whether we should disable saving consent preferences to the Fides API
+  FIDES_DISABLE_NOTICES_SERVED_API: boolean | false; // (optional) Whether we should only disable saving notices served to the Fides API
   FIDES_DISABLE_BANNER: boolean | false; // (optional) Whether we should disable showing the banner
   FIDES_TCF_GDPR_APPLIES: boolean; // (optional) The default for the TCF GDPR applies value (default true)
   FIDES_STRING: string | null; // (optional) An explicitly passed-in string that supersedes the cookie. Can contain both TC and AC strings

clients/privacy-center/app/server-utils/loadEnvironmentVariables.ts

@@ -45,6 +45,11 @@ const loadEnvironmentVariables = () => {
       .FIDES_PRIVACY_CENTER__FIDES_DISABLE_SAVE_API
       ? process.env.FIDES_PRIVACY_CENTER__FIDES_DISABLE_SAVE_API === "true"
       : false,
+    FIDES_DISABLE_NOTICES_SERVED_API: process.env
+      .FIDES_PRIVACY_CENTER__FIDES_DISABLE_NOTICES_SERVED_API
+      ? process.env.FIDES_PRIVACY_CENTER__FIDES_DISABLE_NOTICES_SERVED_API ===
+        "true"
+      : false,
     FIDES_DISABLE_BANNER: process.env.FIDES_PRIVACY_CENTER__FIDES_DISABLE_BANNER
       ? process.env.FIDES_PRIVACY_CENTER__FIDES_DISABLE_BANNER === "true"
       : false,

clients/privacy-center/cypress/e2e/consent-banner.cy.ts

@@ -2379,6 +2379,45 @@ describe("Consent overlay", () => {
         });
       });
     });
+
+    it("when fides_disable_notices_served_api option is set, only disables notices-served API", () => {
+      stubConfig({
+        experience: {
+          privacy_notices: buildMockNotices(),
+        },
+        options: {
+          fidesDisableNoticesServedApi: true,
+        },
+      });
+      cy.waitUntilFidesInitialized().then(() => {
+        cy.get("@FidesUIShown").should("not.have.been.called");
+        cy.get("#fides-modal-link").click();
+
+        // Check that notices-served API is not called when the modal is shown
+        cy.get("@FidesUIShown").then(() => {
+          cy.on("fail", (error) => {
+            if (error.message.indexOf("Timed out retrying") !== 0) {
+              throw error;
+            }
+          });
+          cy.wait("@patchNoticesServed", {
+            requestTimeout: 100,
+          }).then((xhr) => {
+            assert.isNull(xhr?.response?.body);
+          });
+        });
+
+        // Also, check that privacy-preferences API is called after saving
+        cy.getByTestId("Save-btn").click();
+        cy.get("@FidesUpdated").then(() => {
+          cy.wait("@patchPrivacyPreference", {
+            requestTimeout: 100,
+          }).then((xhr) => {
+            assert.isNotNull(xhr?.response?.body);
+          });
+        });
+      });
+    });
   });
 
   describe("consent overlay buttons", () => {

clients/privacy-center/pages/api/fides-js.ts

@@ -214,6 +214,8 @@ export default async function handler(
         environment.settings.FIDES_API_URL,
       fidesEmbed: environment.settings.FIDES_EMBED,
       fidesDisableSaveApi: environment.settings.FIDES_DISABLE_SAVE_API,
+      fidesDisableNoticesServedApi:
+        environment.settings.FIDES_DISABLE_NOTICES_SERVED_API,
       fidesDisableBanner: environment.settings.FIDES_DISABLE_BANNER,
       fidesTcfGdprApplies: environment.settings.FIDES_TCF_GDPR_APPLIES,
       fidesString,