prebid-server icon indicating copy to clipboard operation
prebid-server copied to clipboard
verified publisher icon prebid

Drop 'support-cors' usersync YAML config

Open bretg opened this issue 11 months ago • 5 comments

Since before even my time in PBS, the YAML files have supported a 'support-cors' field in usersync. Of 230+ bid adapters, only 2 set this to true.

I don't see any code in PBS that looks at this field.

My suspicion is that it's an information flag indicating that the bidder's sync endpoint sets some specific CORS header like Access-Control-Allow-Credentials and/or Access-Control-Allow-Origin. However, That's not documented anywhere and I'm not aware of the use case that drive this ancient config setting.

So I'm proposing that we either:

  • drop support-cors from the usersync YAML entirely
  • OR document what use case it supports and when bidders should declare support-cors:true

bretg avatar Jan 17 '25 19:01 bretg

The cookie_sync endpoint does send this value to the client, but the pbsBidAdapter doesn't use it.

bretg avatar Jan 24 '25 15:01 bretg

I only see three instances of this in PBS-Go YAML files: stroeerCore.yaml imds.yaml orbidder.yaml

bsardo avatar Jan 24 '25 17:01 bsardo

Hi @bsardo & @bretg

The stroeerCore.yaml you referenced is some sort of test file that we didn't create or contribute to: config/test/bidder-info-valid/stroeerCore.yaml

The actual yaml file: static/bidder-info/stroeerCore.yaml (no support-cors there).

philipwatson avatar Jan 28 '25 02:01 philipwatson

Dear Prebid-Server Developers, @bretg,

we (Orbidder Developers) had set "supportCORS" to true, because the Sync Endpoint support CORS. But there is no other spezial behavior than handling an "OPTIONS" request at our implementation. So from our side it is fine to remove the flag, if there is no need for it.

Greetings Team Orbidder

arneschulz1984 avatar Jan 30 '25 14:01 arneschulz1984

Thanks for the response. We'll drop this in PBS 4.0 later this year.

bretg avatar Feb 12 '25 15:02 bretg