added audit beacon to detect misuse of this bidder. Detects auctions… #1134
Conversation
…within iframes or popup windows.
…uction ended flag was set, preventing additional auctions from completing. This has been removed along with some google analytics tracking code.
|
looks good |
|
@mkendall07 @protonate Sorry to be a pain, but is this something we can get reviewed ASAP? This is actually a really important bug fix for multiple auctions. |
src/adapters/rhythmone.js
Outdated
| i = new Image(); | ||
|
|
||
| if(ao && ao.length > 0) | ||
| data.ancestor_origins = ao[ao.length-1]; |
There was a problem hiding this comment.
code style: please add braces to enclose function body.
src/adapters/rhythmone.js
Outdated
| data.ancestor_origins = ao[ao.length-1]; | ||
|
|
||
| data.popped = (window.opener!==null?1:0); | ||
| data.framed = (window.top===window?0:1); |
There was a problem hiding this comment.
code style: parentheses can be removed.
src/adapters/rhythmone.js
Outdated
| data.response_ms = (new Date()).getTime() - loadStart; | ||
| data.placement_codes = configuredPlacements.join(","); | ||
| data.bidder_version = version; | ||
| data.prebid_timeout = (prebid_instance.cbTimeout || prebid_instance.bidderTimeout); |
There was a problem hiding this comment.
code style: parentheses can be removed.
src/adapters/rhythmone.js
Outdated
| data.prebid_timeout = (prebid_instance.cbTimeout || prebid_instance.bidderTimeout); | ||
|
|
||
| for(var k in data) | ||
| q.push(encodeURIComponent(k)+"="+encodeURIComponent((typeof data[k] === "object" ? JSON.stringify(data[k]) : data[k]))); |
There was a problem hiding this comment.
code style: please add braces to enclose function body.
|
updated code with style suggestions. |
| doc_type : "Prebid Audit", | ||
| placement_id: placementId | ||
| }, | ||
| ao = document.location.ancestorOrigins, |
There was a problem hiding this comment.
Is browser support for ancestorOrigins a concern here?
There was a problem hiding this comment.
It's not a concern, it is only available in webkit browsers TMK so it will only be used if there.
| } | ||
|
|
||
| data.popped = window.opener!==null?1:0; | ||
| data.framed = window.top===window?0:1; |
There was a problem hiding this comment.
Please place this window.top reference in a try/catch as well
There was a problem hiding this comment.
With all due respect, this is unnecessary. A security exception is only thrown when accessing the properties of top. The window object itself can be compared safely.
There was a problem hiding this comment.
@jstocker76 run this: https://jsfiddle.net/04o2funn/
There was a problem hiding this comment.
odd, I get no exception when I run that code in a sample file with a cross domain iframe. Furthermore, I don't get that exception when running the same code by targeting chrome's console to that iframe. What sorcery is this?
There was a problem hiding this comment.
I see. It's the alert causing the exception. If you just run "window.top" no exception.
There was a problem hiding this comment.
yeah that makes sense. This is good. Prebid core should probably just utility this function because tons of bidders do this check.
There was a problem hiding this comment.
https://jsfiddle.net/10j1yw82/
alert must automatically run .toString() on window.top, which would trigger the exception
There was a problem hiding this comment.
Reeling in the proliferation of duplicate functionality must be a full time job. The list of bidders is getting quite long
…built * 'master' of https://github.com/prebid/Prebid.js: (21 commits) add lodash as dependency (prebid#1174) fix size mapping for s2s (prebid#1175) Improve footer styling (prebid#1171) Bugfix: internal bids requested overwritten (prebid#1173) pre-release version bump Prebid 0.23.0 Release Yieldbot adapter - multiple requestBids per pageview (prebid#1146) Widespace adapter validate size fix (prebid#1140) Audience Network: bid when at least one valid slot size (prebid#1148) Quantcast adaptor (prebid#1063) AOL Adapter - ONE Mobile endpoint implemented. (prebid#1115) Prebid Server to Server (prebid#1165) Pubgears Header Bidding Adapter (prebid#953) remove old adloader#trackPixel (prebid#1159) added audit beacon to detect misuse of this bidder. Detects auctions… (prebid#1134) Bidfluence CDN endpoint URL update (prebid#1163) AdSupply adapter (prebid#1162) Sonobi Adapter - Enable size overrides (prebid#1141) Added an editorconfig file to match jshint and jssrc files. (prebid#1147) force cpm to be a number (prebid#1161) ...
…prebid#1134) * added audit beacon to detect misuse of this bidder. Detects auctions within iframes or popup windows. * fix for bug prebid#1123 - Rhythmone: Multiple requestBids Not Working. An auction ended flag was set, preventing additional auctions from completing. This has been removed along with some google analytics tracking code. * Altered the beacon logging domain to something with a functional SSL cert. * updating s3 bucket name * updating s3 bucket name _again_. * Adding optional curly braces. Removing optional parentheses.
… within iframes or popup windows.
Type of change
Description of change
Added an audit beacon to detect unintended use of this bidder.
Other information