WordAds: Enable A8C CMP banner support (#35165)

Alameen688 · cphilleo · web-flow · commit d0dddde0c642 · 2024-02-19T21:55:27.000Z
* Load CMP scripts from WPCOM public API
 
* Override cookie consent block when CMP is enabled

* Allow ad privacy link to resurface the CMP


---------

Co-authored-by: Collyn Philleo &lt;collyn.philleo@automattic.com&gt;
diff --git a/projects/plugins/jetpack/changelog/wordads-cmp-support b/projects/plugins/jetpack/changelog/wordads-cmp-support
@@ -0,0 +1,4 @@
+Significance: minor
+Type: enhancement
+
+Privacy: Add preliminary support for WordAds Consent Management Provider
diff --git a/projects/plugins/jetpack/extensions/blocks/cookie-consent/cookie-consent.php b/projects/plugins/jetpack/extensions/blocks/cookie-consent/cookie-consent.php
@@ -74,6 +74,11 @@ function load_assets( $attr, $content ) {
 	// and we should send fresh HTML with the cookie block in it.
 	notify_batcache_that_content_changed();
 
+	// Filters the display of the Cookie-consent Block e.g by GDPR CMP banner on WordAds sites.
+	if ( apply_filters( 'jetpack_disable_cookie_consent_block', false ) ) {
+		return '';
+	}
+
 	// If the user has already accepted the cookie consent, don't show the block.
 	if ( isset( $_COOKIE[ COOKIE_NAME ] ) ) {
 		return '';
diff --git a/projects/plugins/jetpack/modules/wordads/class-wordads.php b/projects/plugins/jetpack/modules/wordads/class-wordads.php
@@ -19,6 +19,7 @@
 require_once WORDADS_ROOT . '/php/class-wordads-cron.php';
 require_once WORDADS_ROOT . '/php/class-wordads-california-privacy.php';
 require_once WORDADS_ROOT . '/php/class-wordads-ccpa-do-not-sell-link-widget.php';
+require_once WORDADS_ROOT . '/php/class-wordads-consent-management-provider.php';
 
 /**
  * Primary WordAds class.
@@ -179,6 +180,7 @@ public function __construct() {
 
 		if ( is_admin() ) {
 			WordAds_California_Privacy::init_ajax_actions();
+			WordAds_Consent_Management_Provider::init_ajax_actions();
 		}
 	}
 
@@ -207,6 +209,11 @@ public function init() {
 			WordAds_California_Privacy::init();
 		}
 
+		// Initialize CMP  if enabled.
+		if ( isset( $this->params->options['wordads_cmp_enabled'] ) && $this->params->options['wordads_cmp_enabled'] ) {
+			WordAds_Consent_Management_Provider::init();
+		}
+
 		if ( isset( $_SERVER['REQUEST_URI'] ) && '/ads.txt' === $_SERVER['REQUEST_URI'] ) {
 
 			$ads_txt_transient = get_transient( 'wordads_ads_txt' );
@@ -363,7 +370,7 @@ public function insert_head_meta() {
 		$is_logged_in = is_user_logged_in() ? '1' : '0';
 		?>
 		<script<?php echo esc_attr( $data_tags ); ?> type="text/javascript">
-			var __ATA_PP = { pt: <?php echo esc_js( $pagetype ); ?>, ht: <?php echo esc_js( $hosting_type ); ?>, tn: '<?php echo esc_js( get_stylesheet() ); ?>', uloggedin: <?php echo esc_js( $is_logged_in ); ?>, amp: false, siteid: <?php echo esc_js( $site_id ); ?>, consent: <?php echo esc_js( $consent ); ?>, ad: { label: { text: '<?php echo esc_js( __( 'Advertisements', 'jetpack' ) ); ?>' }, reportAd: { text: '<?php echo esc_js( __( 'Report this ad', 'jetpack' ) ); ?>' } } };
+			var __ATA_PP = { pt: <?php echo esc_js( $pagetype ); ?>, ht: <?php echo esc_js( $hosting_type ); ?>, tn: '<?php echo esc_js( get_stylesheet() ); ?>', uloggedin: <?php echo esc_js( $is_logged_in ); ?>, amp: false, siteid: <?php echo esc_js( $site_id ); ?>, consent: <?php echo esc_js( $consent ); ?>, ad: { label: { text: '<?php echo esc_js( __( 'Advertisements', 'jetpack' ) ); ?>' }, reportAd: { text: '<?php echo esc_js( __( 'Report this ad', 'jetpack' ) ); ?>' }, privacySettings: { text: '<?php echo esc_js( __( 'Privacy', 'jetpack' ) ); ?>', onClick: function() { window.__tcfapi && window.__tcfapi('showUi'); } } } };
 			var __ATA = __ATA || {};
 			__ATA.cmd = __ATA.cmd || [];
 			__ATA.criteo = __ATA.criteo || {};
@@ -742,6 +749,7 @@ public function get_dynamic_ad_snippet( $section_id, $form_factor = 'square', $l
 						},
 						privacySettings: {
 							text: '{$privacy_settings_text}',
+							onClick: function() { window.__tcfapi && window.__tcfapi('showUi'); },
 						}
 					}
 				});
diff --git a/projects/plugins/jetpack/modules/wordads/js/cmp-loader.js b/projects/plugins/jetpack/modules/wordads/js/cmp-loader.js
@@ -0,0 +1,21 @@
+// eslint-disable-next-line no-unused-vars
+function a8c_cmp_callback( data ) {
+	if ( data && data.scripts && Array.isArray( data.scripts ) ) {
+		if ( data.config ) {
+			let configurationScript = document.createElement( 'script' );
+			configurationScript.id = 'cmp-configuration';
+			configurationScript.type = 'application/configuration';
+			configurationScript.innerHTML = JSON.stringify( data.config );
+
+			// Add the cmp-configuration script element to the document's body
+			document.head.appendChild( configurationScript );
+		}
+
+		// Load each cmp script
+		data.scripts.forEach( function ( scriptUrl ) {
+			let script = document.createElement( 'script' );
+			script.src = scriptUrl;
+			document.head.appendChild( script );
+		} );
+	}
+}
diff --git a/projects/plugins/jetpack/modules/wordads/php/class-wordads-consent-management-provider.php b/projects/plugins/jetpack/modules/wordads/php/class-wordads-consent-management-provider.php
@@ -0,0 +1,130 @@
+<?php
+/**
+ * WordAds Consent Management Provider
+ *
+ * @package automattic/jetpack
+ */
+
+use Automattic\Jetpack\Assets;
+
+/**
+ * Class WordAds_Consent_Management_Provider
+ *
+ * This is an integration with the GDPR Consent Management Provider
+ * to comply with GDPR requirements for privacy and transparency related to advertising.
+ */
+class WordAds_Consent_Management_Provider {
+
+	/**
+	 * IAB specified cookie name for storing the consent string.
+	 */
+	const COOKIE_NAME = 'euconsent-v2';
+
+	/**
+	 * Initializes loading of the frontend framework.
+	 */
+	public static function init() {
+		// Prevent Cookies & Consent banner from displaying when the CMP is active.
+		add_filter( 'jetpack_disable_eu_cookie_law_widget', '__return_true' );
+		add_filter( 'jetpack_disable_cookie_consent_block', '__return_true' );
+
+		// Enqueue scripts.
+		add_action( 'wp_enqueue_scripts', array( __CLASS__, 'enqueue_frontend_scripts' ) );
+	}
+
+	/**
+	 * AJAX handlers for fetching purposes and vendor data and setting the cookie serverside.
+	 *
+	 * Serverside cookie used so that the expiration can be longer than one week.
+	 * This function is called from: /mu-plugins/wordads-ajax.php to ensure they run on all
+	 * requests including admin requests.
+	 */
+	public static function init_ajax_actions() {
+		add_action( 'wp_ajax_gdpr_set_consent', array( __CLASS__, 'handle_set_consent_request' ) );
+		add_action( 'wp_ajax_nopriv_gdpr_set_consent', array( __CLASS__, 'handle_set_consent_request' ) );
+	}
+
+	/**
+	 * Handler for setting consent cookie AJAX request.
+	 */
+	public static function handle_set_consent_request() {
+
+		// phpcs:disable WordPress.Security.NonceVerification.Missing
+		if ( ! isset( $_POST['consent'] ) ) {
+			wp_send_json_error();
+		}
+
+		// TODO: Is there better sanitizing we can do here?
+		$consent = trim( wp_unslash( $_POST['consent'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+
+		setcookie( self::COOKIE_NAME, $consent, time() + YEAR_IN_SECONDS, '/', self::get_cookie_domain(), is_ssl(), false ); // phpcs:ignore Jetpack.Functions.SetCookie -- Client side CMP needs to be able to read this value.
+
+		wp_send_json_success( true );
+
+		// phpcs:enable WordPress.Security.NonceVerification.Missing
+	}
+
+	/**
+	 * Enqueues the main frontend Javascript.
+	 */
+	public static function enqueue_frontend_scripts() {
+		wp_enqueue_script(
+			'cmp_script_loader',
+			Assets::get_file_url_for_environment(
+				'__inc/build/wordads/js/cmp-loader.min.js',
+				'modules/wordads/js/cmp-loader.js'
+			),
+			array(),
+			JETPACK__VERSION,
+			false
+		);
+
+		$request_url = self::get_config_url();
+		wp_enqueue_script(
+			'cmp_config_script',
+			Assets::get_file_url_for_environment(
+				$request_url,
+				$request_url
+			),
+			array(),
+			JETPACK__VERSION,
+			false
+		);
+	}
+
+	/**
+	 * Gets the value to be used when an opt-in cookie is set.
+	 *
+	 * @return string The value to store in the opt-in cookie.
+	 */
+	private static function get_config_url() {
+		$locale      = strtolower( get_locale() ); // Defaults to en_US not en.
+		$request_url = 'https://public-api.wordpress.com/wpcom/v2/sites/' . self::get_blog_id() . '/cmp/configuration/' . $locale . '/?_jsonp=a8c_cmp_callback';
+		return $request_url;
+	}
+
+	/**
+	 * Get the blog ID.
+	 *
+	 * @return Object current blog id.
+	 */
+	private static function get_blog_id() {
+		return Jetpack_Options::get_option( 'id' );
+	}
+
+	/**
+	 * Gets the domain to be used for the opt-out cookie.
+	 * Use the site's custom domain, or if the site has a wordpress.com subdomain, use .wordpress.com to share the cookie.
+	 *
+	 * @return string The domain to set for the opt-out cookie.
+	 */
+	public static function get_cookie_domain() {
+		$host = 'localhost';
+
+		if ( isset( $_SERVER['HTTP_HOST'] ) ) {
+			$host = filter_var( wp_unslash( $_SERVER['HTTP_HOST'] ) );
+		}
+
+		return '.wordpress.com' === substr( $host, -strlen( '.wordpress.com' ) ) ? '.wordpress.com' : '.' . $host;
+	}
+}
