From f4b9016d8f8b5413c925aef6565e3cbf0169b3a6 Mon Sep 17 00:00:00 2001 From: dmytro-po Date: Fri, 9 Jan 2026 17:48:05 +0200 Subject: [PATCH 1/5] AGT-756: vrref in payload fix --- libraries/intentIqUtils/getRefferer.js | 34 ++++++++++++++++++-------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/libraries/intentIqUtils/getRefferer.js b/libraries/intentIqUtils/getRefferer.js index 20c6a6a5b47..420f026ae6f 100644 --- a/libraries/intentIqUtils/getRefferer.js +++ b/libraries/intentIqUtils/getRefferer.js @@ -6,13 +6,27 @@ import { getWindowTop, logError, getWindowLocation, getWindowSelf } from '../../ */ export function getReferrer() { try { - const url = getWindowSelf() === getWindowTop() - ? getWindowLocation().href - : getWindowTop().location.href; + let url = ''; + + if (getWindowSelf() === getWindowTop()) { + // top page + url = getWindowLocation().href; + } else { + // iframe: try parent url + try { + url = getWindowTop().location.href; // SecurityError if cross-origin + } catch (e) { + // cross-origin: fallback to iframe url + url = getWindowLocation().href; + } + } if (url.length >= 50) { - const { origin } = new URL(url); - return origin; + try { + return new URL(url).origin; + } catch { + return url; + } } return url; @@ -31,12 +45,12 @@ export function getReferrer() { * @return {string} The modified URL with appended `vrref` or `fui` parameters. */ export function appendVrrefAndFui(url, domainName) { - const fullUrl = encodeURIComponent(getReferrer()); + const fullUrl = getReferrer(); if (fullUrl) { - return (url += '&vrref=' + getRelevantRefferer(domainName, fullUrl)); + return (url += '&vrref=' + encodeURIComponent(getRelevantRefferer(domainName, fullUrl))); } url += '&fui=1'; // Full Url Issue - url += '&vrref=' + encodeURIComponent(domainName || ''); + if (domainName) url += '&vrref=' + encodeURIComponent(domainName); return url; } @@ -50,7 +64,7 @@ export function getRelevantRefferer(domainName, fullUrl) { if (domainName && isDomainIncluded(fullUrl, domainName)) { return fullUrl; } - return domainName ? encodeURIComponent(domainName) : fullUrl; + return domainName || fullUrl; } /** @@ -61,7 +75,7 @@ export function getRelevantRefferer(domainName, fullUrl) { */ export function isDomainIncluded(fullUrl, domainName) { try { - return fullUrl.includes(domainName); + return new URL(fullUrl).hostname === domainName; } catch (error) { logError(`Invalid URL provided: ${error}`); return false; From 6648802d70010609fe79e77d60e425acfa88972a Mon Sep 17 00:00:00 2001 From: dmytro-po Date: Fri, 9 Jan 2026 17:55:02 +0200 Subject: [PATCH 2/5] remove comment --- libraries/intentIqUtils/getRefferer.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/intentIqUtils/getRefferer.js b/libraries/intentIqUtils/getRefferer.js index 420f026ae6f..950fa19052c 100644 --- a/libraries/intentIqUtils/getRefferer.js +++ b/libraries/intentIqUtils/getRefferer.js @@ -14,7 +14,7 @@ export function getReferrer() { } else { // iframe: try parent url try { - url = getWindowTop().location.href; // SecurityError if cross-origin + url = getWindowTop().location.href; } catch (e) { // cross-origin: fallback to iframe url url = getWindowLocation().href; From 07317d6f2003df5ce740a5f82e46ae99a170226c Mon Sep 17 00:00:00 2001 From: dmytro-po Date: Tue, 20 Jan 2026 17:02:57 +0200 Subject: [PATCH 3/5] AGT-756: Fix vrref bug --- libraries/intentIqUtils/getRefferer.js | 38 +++++++------------ modules/intentIqAnalyticsAdapter.js | 5 ++- .../modules/intentIqAnalyticsAdapter_spec.js | 8 ++-- 3 files changed, 21 insertions(+), 30 deletions(-) diff --git a/libraries/intentIqUtils/getRefferer.js b/libraries/intentIqUtils/getRefferer.js index 950fa19052c..59849bc32c2 100644 --- a/libraries/intentIqUtils/getRefferer.js +++ b/libraries/intentIqUtils/getRefferer.js @@ -4,33 +4,24 @@ import { getWindowTop, logError, getWindowLocation, getWindowSelf } from '../../ * Determines if the script is running inside an iframe and retrieves the URL. * @return {string} The encoded vrref value representing the relevant URL. */ -export function getReferrer() { - try { - let url = ''; +export function getCurrentUrl() { + let url = ''; + try { if (getWindowSelf() === getWindowTop()) { // top page - url = getWindowLocation().href; + url = getWindowLocation().href || ''; } else { // iframe: try parent url - try { - url = getWindowTop().location.href; - } catch (e) { - // cross-origin: fallback to iframe url - url = getWindowLocation().href; - } + url = getWindowTop().location.href || ''; } - + // shorten long urls if (url.length >= 50) { - try { - return new URL(url).origin; - } catch { - return url; - } - } - + return new URL(url).origin; + }; return url; } catch (error) { + // Handling access errors, such as cross-domain restrictions logError(`Error accessing location: ${error}`); return ''; } @@ -45,9 +36,9 @@ export function getReferrer() { * @return {string} The modified URL with appended `vrref` or `fui` parameters. */ export function appendVrrefAndFui(url, domainName) { - const fullUrl = getReferrer(); + const fullUrl = getCurrentUrl(); if (fullUrl) { - return (url += '&vrref=' + encodeURIComponent(getRelevantRefferer(domainName, fullUrl))); + return (url += '&vrref=' + getRelevantRefferer(domainName, fullUrl)); } url += '&fui=1'; // Full Url Issue if (domainName) url += '&vrref=' + encodeURIComponent(domainName); @@ -61,10 +52,9 @@ export function appendVrrefAndFui(url, domainName) { * @return {string} The relevant referrer */ export function getRelevantRefferer(domainName, fullUrl) { - if (domainName && isDomainIncluded(fullUrl, domainName)) { - return fullUrl; - } - return domainName || fullUrl; + return encodeURIComponent( + domainName && isDomainIncluded(fullUrl, domainName) ? fullUrl : (domainName || fullUrl) + ); } /** diff --git a/modules/intentIqAnalyticsAdapter.js b/modules/intentIqAnalyticsAdapter.js index 03f1aa65654..2122d918e44 100644 --- a/modules/intentIqAnalyticsAdapter.js +++ b/modules/intentIqAnalyticsAdapter.js @@ -5,7 +5,7 @@ import { ajax } from '../src/ajax.js'; import { EVENTS } from '../src/constants.js'; import { detectBrowser } from '../libraries/intentIqUtils/detectBrowserUtils.js'; import { appendSPData } from '../libraries/intentIqUtils/urlUtils.js'; -import { appendVrrefAndFui, getReferrer } from '../libraries/intentIqUtils/getRefferer.js'; +import { appendVrrefAndFui, getCurrentUrl, getRelevantRefferer } from '../libraries/intentIqUtils/getRefferer.js'; import { getCmpData } from '../libraries/intentIqUtils/getCmpData.js'; import { VERSION, @@ -267,9 +267,10 @@ function getRandom(start, end) { export function preparePayload(data) { const result = getDefaultDataObject(); + const fullUrl = getCurrentUrl(); result[PARAMS_NAMES.partnerId] = iiqAnalyticsAnalyticsAdapter.initOptions.partner; result[PARAMS_NAMES.prebidVersion] = prebidVersion; - result[PARAMS_NAMES.referrer] = getReferrer(); + result[PARAMS_NAMES.referrer] = getRelevantRefferer(iiqAnalyticsAnalyticsAdapter.initOptions.domainName, fullUrl); result[PARAMS_NAMES.terminationCause] = iiqAnalyticsAnalyticsAdapter.initOptions.terminationCause; result[PARAMS_NAMES.clientType] = iiqAnalyticsAnalyticsAdapter.initOptions.clientType; result[PARAMS_NAMES.siteId] = iiqAnalyticsAnalyticsAdapter.initOptions.siteId; diff --git a/test/spec/modules/intentIqAnalyticsAdapter_spec.js b/test/spec/modules/intentIqAnalyticsAdapter_spec.js index c103aff65a0..3602f24cddc 100644 --- a/test/spec/modules/intentIqAnalyticsAdapter_spec.js +++ b/test/spec/modules/intentIqAnalyticsAdapter_spec.js @@ -21,7 +21,7 @@ import { } from "../../../libraries/intentIqConstants/intentIqConstants.js"; import * as detectBrowserUtils from "../../../libraries/intentIqUtils/detectBrowserUtils.js"; import { - getReferrer, + getCurrentUrl, appendVrrefAndFui, } from "../../../libraries/intentIqUtils/getRefferer.js"; import { @@ -483,7 +483,7 @@ describe("IntentIQ tests all", function () { .stub(utils, "getWindowLocation") .returns({ href: "http://localhost:9876/" }); - const referrer = getReferrer(); + const referrer = getCurrentUrl(); expect(referrer).to.equal("http://localhost:9876/"); }); @@ -494,7 +494,7 @@ describe("IntentIQ tests all", function () { .stub(utils, "getWindowTop") .returns({ location: { href: "http://example.com/" } }); - const referrer = getReferrer(); + const referrer = getCurrentUrl(); expect(referrer).to.equal("http://example.com/"); }); @@ -506,7 +506,7 @@ describe("IntentIQ tests all", function () { .stub(utils, "getWindowTop") .throws(new Error("Access denied")); - const referrer = getReferrer(); + const referrer = getCurrentUrl(); expect(referrer).to.equal(""); expect(logErrorStub.calledOnce).to.be.true; expect(logErrorStub.firstCall.args[0]).to.contain( From 25d39d0711624f0973612c4df3f9f172b895ab5d Mon Sep 17 00:00:00 2001 From: dmytro-po Date: Tue, 20 Jan 2026 17:08:33 +0200 Subject: [PATCH 4/5] AGT-756: Remove comments --- libraries/intentIqUtils/getRefferer.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libraries/intentIqUtils/getRefferer.js b/libraries/intentIqUtils/getRefferer.js index 59849bc32c2..2ed8a668a56 100644 --- a/libraries/intentIqUtils/getRefferer.js +++ b/libraries/intentIqUtils/getRefferer.js @@ -12,13 +12,14 @@ export function getCurrentUrl() { // top page url = getWindowLocation().href || ''; } else { - // iframe: try parent url + // iframe url = getWindowTop().location.href || ''; } - // shorten long urls + if (url.length >= 50) { return new URL(url).origin; }; + return url; } catch (error) { // Handling access errors, such as cross-domain restrictions From ab865524378a069cf11a06ced4dda3db91453f43 Mon Sep 17 00:00:00 2001 From: dmytro-po Date: Tue, 20 Jan 2026 17:48:59 +0200 Subject: [PATCH 5/5] AGT-756: Test for vrref --- .../modules/intentIqAnalyticsAdapter_spec.js | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/test/spec/modules/intentIqAnalyticsAdapter_spec.js b/test/spec/modules/intentIqAnalyticsAdapter_spec.js index 3602f24cddc..987dec98f51 100644 --- a/test/spec/modules/intentIqAnalyticsAdapter_spec.js +++ b/test/spec/modules/intentIqAnalyticsAdapter_spec.js @@ -594,6 +594,36 @@ describe("IntentIQ tests all", function () { expect(request.url).to.include("general=Lee"); }); + it("should include domainName in both query and payload when fullUrl is empty (cross-origin)", function () { + const domainName = "mydomain-frame.com"; + + enableAnalyticWithSpecialOptions({ domainName }); + + getWindowTopStub = sinon.stub(utils, "getWindowTop").throws(new Error("cross-origin")); + + events.emit(EVENTS.BID_WON, getWonRequest()); + + const request = server.requests[0]; + + // Query contain vrref=domainName + const parsedUrl = new URL(request.url); + const vrrefParam = parsedUrl.searchParams.get("vrref"); + + // Payload contain vrref=domainName + const payloadEncoded = parsedUrl.searchParams.get("payload"); + const payloadDecoded = JSON.parse(atob(JSON.parse(payloadEncoded)[0])); + + expect(server.requests.length).to.be.above(0); + expect(vrrefParam).to.not.equal(null); + expect(decodeURIComponent(vrrefParam)).to.equal(domainName); + expect(parsedUrl.searchParams.get("fui")).to.equal("1"); + + expect(payloadDecoded).to.have.property("vrref"); + expect(decodeURIComponent(payloadDecoded.vrref)).to.equal(domainName); + + restoreReportList(); + }); + it("should not send additionalParams in report if value is too large", function () { const longVal = "x".repeat(5000000);