Skip to content

Commit

Permalink
Core: fix bug where FPD enrichments can modify bidder configuration (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
dgirardi authored Dec 12, 2024
1 parent 9ec218d commit f5ab059
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/prebid.js
Original file line number Diff line number Diff line change
Expand Up @@ -561,7 +561,7 @@ pbjsInstance.requestBids = (function() {
adUnitCodes = adUnitCodes.filter(uniques);
const ortb2Fragments = {
global: mergeDeep({}, config.getAnyConfig('ortb2') || {}, ortb2 || {}),
bidder: Object.fromEntries(Object.entries(config.getBidderConfig()).map(([bidder, cfg]) => [bidder, cfg.ortb2]).filter(([_, ortb2]) => ortb2 != null))
bidder: Object.fromEntries(Object.entries(config.getBidderConfig()).map(([bidder, cfg]) => [bidder, deepClone(cfg.ortb2)]).filter(([_, ortb2]) => ortb2 != null))
}
return enrichFPD(GreedyPromise.resolve(ortb2Fragments.global)).then(global => {
ortb2Fragments.global = global;
Expand Down
23 changes: 23 additions & 0 deletions test/spec/unit/pbjs_api_spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -1839,6 +1839,29 @@ describe('Unit: Prebid Module', function () {
}));
});

it('that cannot alter global config', () => {
configObj.setConfig({ortb2: {value: 'old'}});
startAuctionStub.callsFake(({ortb2Fragments}) => {
ortb2Fragments.global.value = 'new'
});
$$PREBID_GLOBAL$$.requestBids({ortb2: auctionFPD});
expect(configObj.getAnyConfig('ortb2').value).to.eql('old');
});

it('that cannot alter bidder config', () => {
configObj.setBidderConfig({
bidders: ['mockBidder'],
config: {
ortb2: {value: 'old'}
}
})
startAuctionStub.callsFake(({ortb2Fragments}) => {
ortb2Fragments.bidder.mockBidder.value = 'new';
})
$$PREBID_GLOBAL$$.requestBids({ortb2: auctionFPD});
expect(configObj.getBidderConfig().mockBidder.ortb2.value).to.eql('old');
})

it('enriched through enrichFPD', () => {
function enrich(next, fpd) {
next.bail(fpd.then(ortb2 => {
Expand Down

0 comments on commit f5ab059

Please sign in to comment.