Accesses global variables: Prohibited read on global variable: google_tag_data.ics.entries.

[lewis-lynchpin]

This error message is thrown unfortunately when simply trying to run the Preview in the Template editor. Subsequently the tag does not work as intended.

Any thoughts at all on how to resolve this?

Thanks in advance!

[simonmadsen]

Onetrust have been wanting to update this CMP for half a year or more @jmpate

[ciejason]

I just ran into this issue also. Tried to add 'google_tag_data.ics.entries' to the permissions tab under "Access global variables", and got the following message

"The value must not start with any key predefined on global scope (i.e. in Window), or any JavaScript

[ciejason]

@lewis-lynchpin, I was able to get past the error by doing the following:

Removing the lines related to "google_tag_data.ics.entries", it seems @jmpate added that for debugging purposes only.

You also need to adjust the permissions on the default template: updateGCM needs Read/Execute access as a global variable https://cdn.cookielaw.org/* needs to be added to the allowed URL list under injected scripts permissions

[lewis-lynchpin]

@ciejason Brilliant - that works!

Hopefully the plugin gets an update soon to resolve this, as for containers not managed exclusively by ourselves I'm wary of having a template that requires custom modifications.

[simonmadsen]

@jmpate ?

[ciejason]

@lewis-lynchpin @simonmadsen @jmpate, I ran into another issue when testing my integration. Maybe I'm missing something, but at what point does the updateConsent method get called?

callInWindow('updateGCM',updateConsent);

Passes updateConsent to a method window.updateGCM, but that method doesn't seem to exist? (I thought maybe OneTrust's script would define it on the window).

The problem is that the consent is supposed to be updated before my other tags are triggered so that they can be blocked/allowed by the consent settings defined on the tag.

Looking at OneScript's minified code, I see this: window.gtag(pe.consent, ge.update, t)

It appears to be updating my consent for each type (based on my selections/interaction with the cookies banner), but it does it too late in the process if I am not mistaken. See this note from Google's Docs https://developers.google.com/tag-platform/tag-manager/templates/consent-apis#update_consent_state

Any ideas?

[ciejason]

From OneTrust's documentation:

update commands will be sent when a user updates consent through the OneTrust CDN. gtag('consent', 'update', {'ad_storage': 'granted'}); When your Google tags receive a gtag('consent', 'update') command that grants a previously denied consent type, they will adjust their subsequent behavior on the current page and may send additional requests with information about the consent state to help improve your data.

I'm reading this to mean that if your tag was triggered, and it is one that adjusts it's behavior based on the consent types granted, then everything will work as expected. This does not address tags that were not fired on page load. I'm at a loss of how to accomplish this, other than listening for the "OneTrustGroupUpdated" custom event detailed in the OneTrust knowledge base article "Cookie Consent Integration with Google Tag Manager". However, I thought the Google Consent mode was supposed to replace this method

[ciejason]

@simonmadsen @lewis-lynchpin , I was able to get a proof of concept working to synchronously grab the user's saved consent via OneTrust's OptanonConsent cookie. This is the recommended method in Google's documentation for creating a GTM Consent Mode Template. From https://developers.google.com/tag-platform/tag-manager/templates/consent-apis#update_consent_state

. If possible, it is preferable to use the template’s sandboxed code to read the user’s consent directly from the cookie(s) that store it instead of using external code to do this.

The only concern with this method would be if OneTrust ever changes the cookie name or format of the value stored. I'll post back once I'm able to run a few more tests.

[cbravo]

@ciejason I just took a look at the global variables window.OneTrust and window.Optanon and there is a function there called UpdateGCM which looks like the function we are supposed to call. so I guess we need to update the code to point to window.OneTrust.UpdateGCM or window.Optanon.UpdateGCM instead of window.updateGCM. Note that you will have to also update the global variable permissions to include execute one OneTrust.UpdateGCM to reflect this change.

I am convinced this was the intention of @jmpate but unfortunately I still cannot get this to work even with this update.

[cbravo]

Two things I noticed wrong with the update code:

• it needs to be updated to use indexOf instead of find (array.find is not supported as documented here)
• Pulling the value for OnetrustActiveGroups needs to be done with copyFromWindow not callFromWindow

  
  const userGroups = copyFromWindow('OnetrustActiveGroups');
  log('updateConsent');
  const consentArray = userGroups.split(",");
  log('==Active Groups==', consentArray);
  const updateData = {
  ad_storage: consentArray.indexOf(data.adStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  analytics_storage: consentArray.indexOf(data.analyticsStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  functionality_storage: consentArray.indexOf(data.functionalityStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  personalization_storage: consentArray.indexOf(data.personalizationStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  security_storage: consentArray.indexOf(data.securityStorageCategory) !== -1 ? CONSENT.granted : CONSENT.denied,
  };

updateConsentState(updateData);

I couldn't figure out how to get the `callInWindow('OneTrust.UpdateGCM', updateConsent);` to work so currently I have my setup working by splitting up the code into two templates. One template is for setting the default values and injecting the script and the second which fires on `OneTrustGroupsUpdated` handles updating the consent settings. I will see if I can get this to work as a single template.

[cbravo]

OneTrust does seem to have this feature on the cookie banner and it DOES update consent properly so some of this is no longer needed HOWEVER it does not seem to set defaults for when users have not yet interacted with the banner at all. Consent is not set until the cookie OptanonAlertBoxClosed is set.

[ciejason]

Hi @simonmadsen and @cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here https://github.com/jmpate/ot-cmp-gcm-template/issues/5#issuecomment-1309203066.

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's. const otCookie = getCookie('OptanonConsent',true)[0]; const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams; const otGroups = otCookieParams.groups; log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

[cbravo]

Something missing from this template out of the box is the ability to take advantage of any category mapping done on a geolocation basis for your defaults. For example if you are using multiple templates in onetrust (GDPR, CCPA for california) the cookie categories and how they map to each google consent category may be different. Instead of setting the defaults before injecting the onetrust script I wrote this small template that fires only once per page on the OneTrustLoaded event AFTER onetrust is loaded the very first time so that I can set the defaults based on the settings in OneTrust (see screenshot). If the user already has set their preferences OneTrust should set those right after and override these defaults so it should work in that case too. If you do use this code make sure to set permissions so that you have access to the appropriate globals.

log('setDefaultConsentState');
const consentArray = userGroups.split(",");
log('==Active Groups==', consentArray);

// this call gets the domain settings for one trust.
const consentMaping = callInWindow('OneTrust.GetDomainData').GoogleConsent;

const categoryMapping = {
  ad_storage : consentMaping.GCAdStorage,
  analytics_storage : consentMaping.GCAnalyticsStorage,
  functionality_storage: consentMaping.GCFunctionalityStorage,
  personalization_storage : consentMaping.GCPersonalizationStorage,
  security_storage : consentMaping.GCSecurityStorage,
};

const updateData = Object.keys(categoryMapping).reduce(function(acc, currItem){
  acc[currItem] = consentArray.indexOf(categoryMapping[currItem]) !== -1 ? CONSENT.granted : CONSENT.denied;
  return acc;
}, {});

log('==Update Data==', updateData);

setDefaultConsentState(updateData);

[thematan]

I really hope you

Hi @simonmadsen and @cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here #5 (comment).

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's. const otCookie = getCookie('OptanonConsent',true)[0]; const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams; const otGroups = otCookieParams.groups; log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

I really hope you'll succeed. I tried some moves recommended here, but failed to make it work. I can't believe we need to spend time and effort on paid product, it is absurd

[simonmadsen]

OneTrust does seem to have this feature on the cookie banner and it DOES update consent properly so some of this is no longer needed HOWEVER it does not seem to set defaults for when users have not yet interacted with the banner at all. Consent is not set until the cookie OptanonAlertBoxClosed is set.

@cbravo @ciejason (@lewis-lynchpin @jmpate @thematan)

the onetrust option for google consent works in all ways currently as i see it except for one thing. it updates too late which means that only google supported tags fire correct when a) opening a new page after b) having consented on a previous page and c) using the built in option for consent in the custom html tags.

this means that for all non google tags using the all pages trigger (gtm.start/container loaded) the custom event trigger OneTrustGroupsUpdated must be applied.

alternatively all tags can be changed to trigger with window.loaded but that is an even less sub-optimal solution

TLDR: onetrust has done all the programming but sets previously set consent too late.

@ciejason i see you worked on a solution to this in your latest comment. any progress?

see pic for reference

[simonmadsen]

Btw i just realized. Even if the timing is improved for existing consent. This still does not fix the initial consent which for non Google tags will require the onetrustupdated or what the name is event. How do Google make their own tags work so well? Hope it can be made for all tags. But they might have set it at Analytics code level and not tag / virtual machine level. But i think the last and at least that should also be a solution, hence doable by us ourselves

[malpaso]

Hi @simonmadsen and @cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here #5 (comment).

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's. const otCookie = getCookie('OptanonConsent',true)[0]; const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams; const otGroups = otCookieParams.groups; log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

Hi, do you have any update on your progress?

[simonmadsen]

Sorry. It worked for me and I didn’t do more

---

From: Bill Tindal @.> Sent: Monday, March 27, 2023 6:02:07 AM To: jmpate/ot-cmp-gcm-template @.> Cc: simonmadsen @.>; Mention @.> Subject: Re: [jmpate/ot-cmp-gcm-template] Accesses global variables: Prohibited read on global variable: google_tag_data.ics.entries. (Issue #5)

Hi @simonmadsenhttps://github.com/simonmadsen and @cbravohttps://github.com/cbravo,

I am just now able to revisit this. I did not understand why the updateConsent method was needed since OneTrust performs the update as I mentioned here #5 (comment)https://github.com/jmpate/ot-cmp-gcm-template/issues/5#issuecomment-1309203066.

I believe the main concern, and what is missing from the template is the ability to set the default consent based on a users previously selected preference. In order to do this I followed Google's documentation and read OneTrust's cookie that stores the user's preferences.

Here is some rough code from my POC, I still need to refine it and add some error handling, and map the OT consent group to Google's. const otCookie = getCookie('OptanonConsent',true)[0]; const otCookieParams = parseUrl("https://test.com?"+otCookie).searchParams; const otGroups = otCookieParams.groups; log(otGroups); // Returns something like C0003:1,C0001:1,C0002:1,C0004:1,BG88:1

I need to parse otGroups, and then set the default state accordingly. I'll report back when I've completed an end to end test.

Hi, do you have any update on your progress?

— Reply to this email directly, view it on GitHubhttps://github.com/jmpate/ot-cmp-gcm-template/issues/5#issuecomment-1484454303, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAJ7WVFPRAPWG6TD3K46Z3DW6EGL7ANCNFSM6AAAAAARLKNWIQ. You are receiving this because you were mentioned.Message ID: @.***>

[ciejason]

@malpaso , I have a working solution that seemed to satisfy my particular need. I will post it towards the end of this week.

[simonmadsen]

Do an update fork on GitHub? Include the changes in the fork i made?

Fra: @.> Sendt: 27. marts 2023 21:41 Til: @.> Cc: @.>; @.> Emne: Re: [jmpate/ot-cmp-gcm-template] Accesses global variables: Prohibited read on global variable: google_tag_data.ics.entries. (Issue #5)

@malpasohttps://github.com/malpaso , I have a working solution that seemed to satisfy my particular need. I will post it towards the end of this week.

— Reply to this email directly, view it on GitHubhttps://github.com/jmpate/ot-cmp-gcm-template/issues/5#issuecomment-1485760695, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAJ7WVCBE2O2C7EXFG2SL2LW6HUOJANCNFSM6AAAAAARLKNWIQ. You are receiving this because you were mentioned.Message ID: @.***>

[malpaso]

Do an update fork on GitHub? Include the changes in the fork i made?

This is exactly what I did already ;) But interested to see what @ciejason has done.

[malpaso]

@malpaso , I have a working solution that seemed to satisfy my particular need. I will post it towards the end of this week.

@ciejason Any chance you could post your solution?

[hello-nclvn]

@ciejason @malpaso Also curious about the solution; I'm struggling to integrate OneTrust with GCM via Tag Manager. Thanks so much in advance!

[simonmadsen]

I described further up that it works and how

---

From: hello-nclvn @.> Sent: Thursday, June 8, 2023 7:45:39 PM To: jmpate/ot-cmp-gcm-template @.> Cc: simonmadsen @.>; Mention @.> Subject: Re: [jmpate/ot-cmp-gcm-template] Accesses global variables: Prohibited read on global variable: google_tag_data.ics.entries. (Issue #5)

@ciejasonhttps://github.com/ciejason @malpasohttps://github.com/malpaso Also curious about the solution; I'm struggling to integrate OneTrust with GCM via Tag Manager. Thanks so much in advance!

— Reply to this email directly, view it on GitHubhttps://github.com/jmpate/ot-cmp-gcm-template/issues/5#issuecomment-1583084953, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAJ7WVAWLOEJLARYHEAZAILXKIFUHANCNFSM6AAAAAARLKNWIQ. You are receiving this because you were mentioned.Message ID: @.***>