Consent Manager

Consent Manager 2.0.0 Patch 3

Thank you for your quick reply and detailed explanation. Unfortunately, I can't confirm this yet.

Steps to reproduce:
  • Browser Edge, Windows 11
  • Settings, Clear browsing data, Time range: All time, Clear now.
  • Close and restart the browser.
  • Visit the URL; the cookie banner appears at the bottom of the website.
  • Select Customize.
  • Option Store and/or access information on a device so it is activated (required/default).
  • Set Select basic ads to on.
  • Save selection; the cookie banner closes.
  • Click on What's new or click on some threads.
  • Scroll down to Cookie Settings, Change Cookie Settings, Privacy Dialog -> Select basic ads is not active.
I experience the same behavior when using Microsoft Edge's Incognito mode.

XF Version 2.3.10, DEB Consent Manager 1.0.2 Patch 4.

Is it possible that there might be a problem with Cloudflare? I've also disabled all other XenForo add-ons. Cloudflare is the only thing I can think of in this context.

Thank you.
 
Thanks for the detailed steps to reproduce! I was able to track down the issue. The problem was that when reopening the consent dialog via "Change Cookie Settings", the toggles always started in the OFF position - even though your selection (e.g. Purpose 1 + 2) was correctly saved in the cookie. The toggles simply didn't read back the saved state.

I've fixed this in Patch 5. Please download the latest version and install it with "Overwrite all files" enabled. After that, clear your cache once.

Regarding Cloudflare: that shouldn't be causing the issue, but if you have HTML or JS caching enabled there, I'd recommend purging the Cloudflare cache after updating to make sure the new JavaScript file gets served.
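The check behind this bug report, as an added example that is not the add-on's code: decode the Purposes Consent bits from a TCF v2 TC string and compare them with what the dialog's toggles show. It assumes the saved cookie value is the TC string; `buildSampleTcString`, `restoreToggleState` and `toggleMismatches` are hypothetical names, and the sample string is constructed (zeroed header, truncated after the purposes field).

```javascript
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Expand the core segment (text before the first ".") into a string of bits.
function coreBits(tcString) {
  let bits = "";
  for (const ch of tcString.split(".")[0]) {
    const v = B64URL.indexOf(ch);
    if (v < 0) throw new Error("invalid base64url character in TC string");
    bits += v.toString(2).padStart(6, "0");
  }
  return bits;
}

// TCF v2 core layout: PurposesConsent is the 24-bit field at bit offset 152,
// leftmost bit = Purpose 1.
function decodePurposeConsents(tcString) {
  const bits = coreBits(tcString);
  if (bits.length < 176) throw new Error("core segment too short");
  if (parseInt(bits.slice(0, 6), 2) !== 2) throw new Error("not a v2 TC string");
  const granted = [];
  for (let i = 0; i < 24; i++) if (bits[152 + i] === "1") granted.push(i + 1);
  return granted;
}

// Constructed sample only: version = 2, every other header field zeroed,
// nothing after PurposesConsent. Not a complete, valid TC string.
function buildSampleTcString(purposes) {
  let bits = "000010".padEnd(152, "0");
  for (let p = 1; p <= 24; p++) bits += purposes.includes(p) ? "1" : "0";
  bits = bits.padEnd(Math.ceil(bits.length / 6) * 6, "0");
  return bits.match(/.{6}/g).map((b) => B64URL[parseInt(b, 2)]).join("");
}

// What the dialog should show when it is reopened.
function restoreToggleState(tcString, purposeIds) {
  const granted = new Set(decodePurposeConsents(tcString));
  return Object.fromEntries(purposeIds.map((id) => [id, granted.has(id)]));
}

// Purpose ids where the UI state disagrees with the saved consent.
function toggleMismatches(tcString, uiState) {
  const ids = Object.keys(uiState).map(Number);
  const saved = restoreToggleState(tcString, ids);
  return ids.filter((id) => saved[id] !== uiState[id]);
}
```

With Purposes 1 and 2 saved and the dialog showing "Select basic ads" as OFF, `toggleMismatches` reports Purpose 2, which is the symptom from the steps to reproduce.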
 
The steps mentioned (clearing the browser cache, clearing the Cloudflare cache, reinstalling Patch Level 5 including overwriting the files) unfortunately did not change the behavior. This also applies in incognito mode.
 
DEBTech updated Consent Manager (IAB TCF 2.2) with a new update entry:

1.0.2 Patch 6

Bug Fixes:
- Fixed consent toggle states not restored when reopening the consent dialog (e.g. "Select basic ads" showing OFF even though it was saved as ON)
- Fixed public JavaScript file (js/addons/) not being updated during build - only the source copy (src/addons/) was updated, causing the live server to serve the old version

Deleted cookie → Banner appears ✅
Clicked "Customize" → Layer 2 opens ✅
Enabled Purpose 2 "Select basic ads" → Toggle ON ✅
Clicked "Save Selection" → Banner...

 
Information taken from vendor list seems missing

Code:
"755": {"id": 755, "name": "Google Advertising Products", "purposes": [1, 3, 4], "legIntPurposes": [2, 7, 9, 10], "flexiblePurposes": [2, 7, 9, 10], "specialPurposes": [1, 2, 3], "features": [1, 2], "specialFeatures": [], "cookieMaxAgeSeconds": 34190000, "usesCookies": true, "cookieRefresh": false, "urls": [{"langId": "en", "privacy": "https://business.safety.google/privacy/", "legIntClaim": "https://policies.google.com/privacy#europeanrequirements"}, {"langId": "bg", "privacy": "https://business.safety.google/intl/bg/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=bg#europeanrequirements"}, {"langId": "cs", "privacy": "https://business.safety.google/intl/cs/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=cs#europeanrequirements"}, {"langId": "da", "privacy": "https://business.safety.google/intl/da/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=da#europeanrequirements"}, {"langId": "de", "privacy": "https://business.safety.google/intl/de/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=de#europeanrequirements"}, {"langId": "el", "privacy": "https://business.safety.google/intl/el/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=el#europeanrequirements"}, {"langId": "es", "privacy": "https://business.safety.google/intl/es/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=es#europeanrequirements"}, {"langId": "et", "privacy": "https://business.safety.google/intl/et/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=et#europeanrequirements"}, {"langId": "fi", "privacy": "https://business.safety.google/intl/fi/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=fi#europeanrequirements"}, {"langId": "fr", "privacy": "https://business.safety.google/intl/fr/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=fr#europeanrequirements"}, {"langId": "hr", "privacy": "https://business.safety.google/intl/hr/privacy/", "legIntClaim": 
"https://policies.google.com/privacy?hl=hr#europeanrequirements"}, {"langId": "hu", "privacy": "https://business.safety.google/intl/hu/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=hu#europeanrequirements"}, {"langId": "it", "privacy": "https://business.safety.google/intl/it/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=it#europeanrequirements"}, {"langId": "lt", "privacy": "https://business.safety.google/intl/lt/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=lt#europeanrequirements"}, {"langId": "lv", "privacy": "https://business.safety.google/intl/lv/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=lv#europeanrequirements"}, {"langId": "nl", "privacy": "https://business.safety.google/intl/nl/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=nl#europeanrequirements"}, {"langId": "no", "privacy": "https://business.safety.google/intl/no/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=no#europeanrequirements"}, {"langId": "pl", "privacy": "https://business.safety.google/intl/pl/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=pl#europeanrequirements"}, {"langId": "pt", "privacy": "https://business.safety.google/intl/pt-PT/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=pt-PT#europeanrequirements"}, {"langId": "ro", "privacy": "https://business.safety.google/intl/ro/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=ro#europeanrequirements"}, {"langId": "sk", "privacy": "https://business.safety.google/intl/sk/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=sk#europeanrequirements"}, {"langId": "sl", "privacy": "https://business.safety.google/intl/sl/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=sl#europeanrequirements"}, {"langId": "sv", "privacy": "https://business.safety.google/intl/sv/privacy/", "legIntClaim": 
"https://policies.google.com/privacy?hl=sv#europeanrequirements"}], "usesNonCookieAccess": true, "dataRetention": {"stdRetention": 548, "purposes": {"3": 180, "4": 180}, "specialPurposes": {"1": 1096}}, "dataDeclaration": [1, 2, 3, 5, 6, 7, 8, 10, 11], "deviceStorageDisclosureUrl": "https://www.gstatic.com/iabtcf/deviceStorageDisclosure.json"},

ID 430
IAB Vendor ID 755
Name Google Advertising Products
Consent purposes -
Code:
Vendor Name
Google Advertising Products

IAB Vendor ID
755
The vendor ID from the IAB Global Vendor List. Set to 0 for custom vendors.

Vendor URL
en
The vendor website URL.

Privacy Policy URL
https://business.safety.google/privacy/
Link to the vendor privacy policy.

Consent Purposes
Purposes for which this vendor requires consent.

Legitimate Interest Purposes
Purposes for which this vendor claims legitimate interest.

Special Features
Special features used by this vendor.
 
The selection now appears to be saved correctly. Unfortunately I don't have time for further testing today, but I will definitely continue to pursue this topic. Thank you!
 
You're right, thanks for catching that! The GVL import had a bug where the vendor URL was incorrectly parsed (it stored the language ID "en" instead of the actual URL). The consent purposes, legitimate interest purposes and special features are all stored in the database but the vendor URL wasn't extracted correctly.

I've fixed the URL extraction in Patch 6. To get the correct data for your existing vendors, please re-import the GVL after updating:

1. Install Patch 6 with "Overwrite all files"
2. Go to Consent Manager > Vendors > Import GVL
3. Run the import again - it will update all existing vendors with the correct URLs

The legitimate interest purposes and special features fields are visible when you edit an individual vendor.
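The import problem described above, as an added example that is not the add-on's code: reading a GVL vendor entry by position yields the language ID, while reading the named `privacy` key of the chosen language entry yields the URL. The sample is the vendor 755 entry quoted earlier in the thread, cut to two languages; all function names and the row field names are hypothetical.

```javascript
// Constructed sample: the vendor 755 entry quoted in the thread, cut to two languages.
const sampleVendor = {
  id: 755,
  name: "Google Advertising Products",
  purposes: [1, 3, 4],
  legIntPurposes: [2, 7, 9, 10],
  specialFeatures: [],
  urls: [
    { langId: "en", privacy: "https://business.safety.google/privacy/",
      legIntClaim: "https://policies.google.com/privacy#europeanrequirements" },
    { langId: "de", privacy: "https://business.safety.google/intl/de/privacy/",
      legIntClaim: "https://policies.google.com/privacy?hl=de#europeanrequirements" },
  ],
};

// Only absolute http(s) URLs should be stored and later rendered as links.
function isHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === "https:" || u.protocol === "http:";
  } catch {
    return false;
  }
}

// Hypothetical faulty extraction: first field of the first urls entry, i.e. langId.
function naiveVendorUrl(vendor) {
  return Object.values(vendor.urls[0])[0];
}

// Pick the entry for the wanted language (else the first) and read named keys.
function extractVendorRow(vendor, lang = "en") {
  const entries = Array.isArray(vendor.urls) ? vendor.urls : [];
  const entry = entries.find((e) => e.langId === lang) || entries[0] || {};
  const privacyUrl = isHttpUrl(entry.privacy) ? entry.privacy : "";
  return {
    iabVendorId: vendor.id,
    vendorUrl: privacyUrl, // the quoted entry has no separate website URL key
    privacyUrl,
    consentPurposes: vendor.purposes || [],
    legIntPurposes: vendor.legIntPurposes || [],
    specialFeatures: vendor.specialFeatures || [],
  };
}

// Post-import check: ids of stored rows whose vendor URL is not a real URL.
function rowsWithBadUrl(rows) {
  return rows.filter((r) => !isHttpUrl(r.vendorUrl)).map((r) => r.iabVendorId);
}
```

Running `rowsWithBadUrl` over the stored vendors after a re-import shows whether any row still holds a value such as "en" in the URL field.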
 
One more (final?:)) question for today: Does the DEB Consent Manager also work purely for obtaining consent for Google Analytics (GA4)? If so, is it sufficient to include GA4 code snippets before the final </HEAD> tag in the PAGE_CONTAINER template? What specific consent(s) does the user then have to give?
 
Yes, the Consent Manager works perfectly fine just for GA4 - you don't need AdSense or any ads for it.

Just place your GA4 code in the PAGE_CONTAINER before </head> as you normally would. The Consent Manager handles the rest automatically: it sets Google Consent Mode v2 to "denied" on page load and switches to "granted" as soon as the visitor accepts. GA4 picks up these signals on its own.

For pure GA4, Purpose 1 (Store/access information) and Purpose 8 (Measure content performance) are the relevant ones. Purpose 1 is always active by default, so the visitor basically just needs to accept.

Quick tip: If you're only using GA4 without any ads, you can disable the ad-related purposes (2, 3, 4) in the settings. That way visitors only see what's actually relevant to them.
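The sequence described in this reply, as an added sketch that is not the add-on's code: Consent Mode v2 signals are set to "denied" on page load and updated once the visitor saves a selection. The `gtag('consent', ...)` commands and the four signal names are Google's; the purpose-to-signal table, `consentModeState`, `onPageLoad` and `onConsentSaved` are assumptions for illustration, and the thread does not show the add-on's actual mapping.

```javascript
// Stand-in for window.dataLayer so the sketch runs outside a browser.
// (The browser snippet pushes the `arguments` object itself; an array copy
// is used here only so the queue is easy to inspect.)
const dataLayer = [];
function gtag() {
  dataLayer.push(Array.from(arguments));
}

// Assumed mapping: each signal is granted only if every listed TCF purpose
// has consent. Purposes 1 and 8 for GA4 follow the reply above.
const SIGNAL_PURPOSES = {
  analytics_storage: [1, 8],
  ad_storage: [1, 2],
  ad_user_data: [1, 2],
  ad_personalization: [1, 3, 4],
};

function consentModeState(grantedPurposes) {
  const granted = new Set(grantedPurposes);
  const state = {};
  for (const [signal, needed] of Object.entries(SIGNAL_PURPOSES)) {
    state[signal] = needed.every((p) => granted.has(p)) ? "granted" : "denied";
  }
  return state;
}

// Must run before the GA4 snippet so no tag sees an unset consent state.
function onPageLoad() {
  gtag("consent", "default", consentModeState([]));
}

// Called when the visitor saves a selection in the consent dialog.
function onConsentSaved(grantedPurposes) {
  gtag("consent", "update", consentModeState(grantedPurposes));
}
```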
 
You're right, thanks for catching that! The GVL import had a bug where the vendor URL was incorrectly parsed (it stored the language ID "en" instead of the actual URL). The consent purposes, legitimate interest purposes and special features are all stored in the database but the vendor URL wasn't extracted correctly.

I've fixed the URL extraction in Patch 6. To get the correct data for your existing vendors, please re-import the GVL after updating:

1. Install Patch 6 with "Overwrite all files"
2. Go to Consent Manager > Vendors > Import GVL
3. Run the import again - it will update all existing vendors with the correct URLs

The legitimate interest purposes and special features fields are visible when you edit an individual vendor.
That worked.

For Google not all purposes are added?
Google Advertising Products (IAB #755): 1, 3, 4

The privacy url is filled in for both the Vendor URL and Privacy Policy URL, with all vendors. Maybe preferred?


When I edit a vendor these are not filled in
  • Consent Purposes
  • Legitimate Interest Purposes
  • Special Features
 
DEBTech updated Consent Manager (IAB TCF 2.2) with a new update entry:

1.0.3

Bug Fixes:
  • Fixed vendor edit form not pre-selecting checkboxes for Consent Purposes, Legitimate Interest Purposes, and Special Features when editing existing vendors
  • Fixed purpose labels showing generic "Purpose 1", "Purpose 2" etc. instead of proper TCF purpose names in vendor edit form
  • Fixed vendor list table not using full available width in admin panel
Improvements:
  • GVL import now uses privacy URL as vendor URL fallback (GVL does not...

 
Looking good.

Only these phrases missing

deb_consent_vendor_special_purposes
deb_consent_vendor_special_purposes_explain
deb_consent_vendor_features
deb_consent_vendor_features_explain
 
Does the addon support Google's Additional Consent specification for non-GVL ATP vendors?

According to Google's documentation publishers using Adsense need to provide consent for Google Ad Tech Provider. These are not on the IAB global vendor list.

This requires generating an "Additional Consent" (AC) string alongside the TC string.


"If you want to use Google ads services such as Google AdSense in the EEA market by using vendors that are included in the Google ATP list but are not yet registered with the IAB Europe Global Vendor List, you need to use Google's Additional Consent Mode"

ATP vendor list
 
You’re absolutely right about Google’s Additional Consent (AC) specification. It is required if non-GVL vendors from Google’s ATP list are involved. In that case, a CMP has to generate an AC string in addition to the TC string so consent can be passed correctly.
That said, this only matters if those vendors are actually being used.
If you are only working with vendors from the IAB Global Vendor List (GVL), the standard TC string is completely sufficient and no AC string is needed.
Right now, my add-on focuses on a clean and compliant IAB TCF 2.2 implementation with the TC string. AC support is not included at the moment because most setups simply do not rely on non-GVL ATP vendors.
If there is real demand for it or a concrete use case comes up, I can definitely look into adding support for the Additional Consent string.
 
That shouldn’t normally happen. If revenue is lower, there is usually something not configured correctly.
I’ll compare it with my own revenue and take a closer look to see what might be causing it.
 