Get-Consent
GDPR consent string & US Privacy string fetcher
About
Get-Consent is a helper library to make collecting GDPR consent data from CMPs easier. Consent data is typically collected from a window.__cmp() function call by providing certain parameters. This is tedious as the function may arrive (be assigned and ready) later, or may never arrive at all. This library wraps a smart interface around the __cmp() call for fetching consent so that you don't have to worry about the details.
Get-Consent also handles being contained within an iframe, and will try to make window.top.postMessage requests to fetch CMP data. Note that Google personalization is not available in the circumstance that the script is contained within a frame.
Get-Consent supports fetching and processing USP (US Privacy) strings from CMP-style systems and cookies for supporting the CCPA.
Get-Consent is 10.8 KiB minified.
Google Personalization
Get-Consent also recognises Google consent for use with personalized ads. Currently the following CMPs are recognised and supported:
- Quantcast (recommended)
- SourcePoint
Installation
npm install get-consent --save-devUsage
The examples below detail the basic usage of the library. If you're looking for more detailed information, consider reading the API documentation.
The simplest way to fetch consent data is to use one of the getter methods:
Raw consent data:
; ;Consent string:
; { const cString = await ; // "BN5lERiOMYEdiAOAWeFRAAYAAaAAptQ"};Google consent:
; { const googleConsent = await ; // 1 or 0};Google consent is always in number form - 1 meaning consent was granted, 0 meaning it was denied.
Vendor consents:
; { const vendorConsentData = await ; // { // gdprApplies: true, // hasGlobalScope: false, // metaData: "AAAAAAAAAAAAAAAAAAAAAAA", // purposeConsents: { // "1": true, // "2": true, // "3": true // }, // vendorConsents: { // "1": false, // "2": true, // "3": false // } // }};The get* methods will all throw if they fail to fetch consent data, or if they time out. This can be changed by providing an extra option:
const cString = await ;The timeout can be adjusted by specifying it in the options:
const googleConsent = await ;USP Strings (CCPA)
Fetching the USP string is performed using different methods for the most part:
; // ... const uspString = await ;// 1YN-; // true; // false ;The uspApplies and uspOptsOut methods provide detection for whether or not a US Privacy string is valid to use and how it affects data sales opt-out. The uspApplies method will return true for all valid USP strings that are not 1---. The uspOptsOut will return true for all valid USP strings that specify yes (Y) for the 3rd character of the string.
You can read more about the US Privacy string format in the IAB specification.
Manual USP override
You can forcibly override the USP string for a page by setting the property window.__uspStrOvr to a valid US privacy string. For example:
window__uspStrOvr = "1YY-"; // Opt the user out of the sale of their dataConsent Callbacks
Other methods are available for using callbacks as a way to receive consent data:
; const remove = ;Caching
You can use memoization to cache consent fetching, so that multiple calls to some method don't make extra unnecessary CMP requests:
; const mem = ; // Memoization store instance; // Later..; // Does not initiate another CMP request, // but merely reuses the previous requests result and returns that.Compatibility
This library is built using Webpack and Babel, and is designed to work on IE10 and upwards. No support will be provided for IE versions less than 10, nor other obscure browsers and versions.