@duckduckgo/autoconsent 14.75.0 → 14.76.0

package/dist/autoconsent.playwright.js

@@ -467,10 +467,12 @@
       return false;
     },
     EVAL_DIDOMI_TEST: () => {
-      if (window.Didomi) {
-        return window.Didomi.getUserConsentStatusForAll().purposes.disabled.length > 0;
+      const purposes = window.Didomi?.getCurrentUserStatus?.()?.purposes;
+      if (purposes) {
+        return Object.values(purposes).some((p) => !p.enabled);
       }
-      return false;
+      const disabled = window.Didomi?.getUserConsentStatusForAll?.()?.purposes?.disabled;
+      return Array.isArray(disabled) && disabled.length > 0;
     },
     EVAL_CONSENTMANAGER_1: () => window.__cmp && typeof __cmp("getCMPData") === "object",
     EVAL_CONSENTMANAGER_2: () => !__cmp("consentStatus").userChoiceExists,
@@ -860,9 +862,9 @@
     /wijs alles af/gi
   ];
   var REJECT_PATTERNS_ENGLISH = [
-    // e.g. "i reject cookies", "reject all", "reject all cookies", "reject cookies", "deny all", "deny all cookies", "refuse", "refuse all", "refuse cookies", "refuse all cookies", "deny", "reject all and close", "deny all and close", "reject non-essential cookies", "reject all non-essential cookies and continue", "reject optional cookies", "reject additional cookies", "reject targeting cookies", "reject marketing cookies", "reject analytics cookies", "reject tracking cookies", "reject advertising cookies", "reject all and close", "deny all and close"
+    // e.g. "i reject cookies", "reject all", "reject all cookies", "reject cookies", "deny all", "deny all cookies", "refuse", "refuse all", "refuse cookies", "refuse all cookies", "deny", "reject all and close", "deny all and close", "reject non-essential cookies", "reject all non-essential cookies and continue", "reject optional cookies", "reject additional cookies", "reject targeting cookies", "reject marketing cookies", "reject analytics cookies", "reject tracking cookies", "reject advertising cookies", "reject all and close", "deny all and close", "i reject all (except strictly necessary)"
     // note that "reject and subscribe" and "reject and pay" are excluded
-    /^\s*(i)?\s*(reject|deny|refuse|decline|disable)\s*(all)?\s*(non-essential|optional|additional|targeting|analytics|marketing|unrequired|non-necessary|extra|tracking|advertising)?\s*(cookies)?\s*$/is,
+    /^\s*(i)?\s*(reject|deny|refuse|decline|disable)\s*(all)?\s*(non-essential|optional|additional|targeting|analytics|marketing|unrequired|non-necessary|extra|tracking|advertising)?\s*(cookies)?\s*(\(?\s*except\s+(strictly\s+)?(necessary|essential)\s*\)?)?\s*$/is,
     // e.g. "i do not accept", "i do not accept cookies", "do not accept", "do not accept cookies"
     /^\s*(i)?\s*do\s+not\s+accept\s*(cookies)?\s*$/is,
     // e.g. "continue without accepting", "continue without agreeing", "continue without agreeing →"
@@ -2210,16 +2212,13 @@
       return await waitFor(() => this.elementVisible(".switch span:first-child", "any"), 5, 1e3);
     }
     async optOut() {
-      if (await this.mainWorldEval("EVAL_TRUSTARC_FRAME_TEST")) {
-        return true;
-      }
       let timeout = 3e3;
       if (await this.mainWorldEval("EVAL_TRUSTARC_FRAME_GTM")) {
         timeout = 1500;
       }
       await waitFor(() => document.readyState === "complete", 20, 100);
       await this.waitForElement(".mainContent[aria-hidden=false]", timeout);
-      if (await this.click(".rejectAll")) {
+      if (await this.click(".rejectAll,.declineAllButtonLower", true)) {
         return true;
       }
       if (this.elementExists(".prefPanel")) {
@@ -2565,14 +2564,21 @@
       return false;
     }
     async detectCmp() {
-      return this.elementExists("#onetrust-banner-sdk,#onetrust-pc-sdk");
+      return this.elementExists("#onetrust-banner-sdk") || this.elementVisible("#onetrust-pc-sdk", "any");
     }
     async detectPopup() {
       return this.elementVisible("#onetrust-banner-sdk,#onetrust-pc-sdk", "any");
     }
     async optOut() {
-      if (this.elementVisible("#onetrust-reject-all-handler,.ot-pc-refuse-all-handler,.js-reject-cookies", "any")) {
-        return await this.click("#onetrust-reject-all-handler,.ot-pc-refuse-all-handler,.js-reject-cookies");
+      await this.wait(500);
+      if (this.elementVisible("#onetrust-reject-all-handler", "any")) {
+        return await this.click("#onetrust-reject-all-handler");
+      }
+      if (this.elementVisible(".ot-pc-refuse-all-handler", "any")) {
+        return await this.click(".ot-pc-refuse-all-handler");
+      }
+      if (this.elementVisible(".js-reject-cookies", "any")) {
+        return await this.click(".js-reject-cookies");
       }
       if (this.elementVisible(".onetrust-close-btn-handler", "any")) {
         const closeBtn = document.querySelector(".onetrust-close-btn-handler");
@@ -2581,6 +2587,13 @@
         if (rejectPatterns.some((pattern) => btnText.includes(pattern))) {
           return await this.click(".onetrust-close-btn-handler");
         }
+        const banner = document.getElementById("onetrust-banner-sdk");
+        const isCloseOnlyNotice = banner?.classList.contains("ot-close-btn-link") && !this.elementExists(
+          "#onetrust-accept-btn-handler,#onetrust-reject-all-handler,#onetrust-pc-btn-handler,.ot-sdk-show-settings,button.js-cookie-settings"
+        );
+        if (isCloseOnlyNotice) {
+          return await this.click(".onetrust-close-btn-handler");
+        }
       }
       if (this.elementExists("#onetrust-pc-btn-handler")) {
         await this.click("#onetrust-pc-btn-handler");

package/lib/cmps/onetrust.ts

@@ -18,7 +18,7 @@ export default class Onetrust extends AutoConsentCMPBase {
     }
 
     async detectCmp() {
-        return this.elementExists('#onetrust-banner-sdk,#onetrust-pc-sdk');
+        return this.elementExists('#onetrust-banner-sdk') || this.elementVisible('#onetrust-pc-sdk', 'any');
     }
 
     async detectPopup() {
@@ -26,9 +26,16 @@ export default class Onetrust extends AutoConsentCMPBase {
     }
 
     async optOut() {
-        if (this.elementVisible('#onetrust-reject-all-handler,.ot-pc-refuse-all-handler,.js-reject-cookies', 'any')) {
-            // 'reject all' shortcut
-            return await this.click('#onetrust-reject-all-handler,.ot-pc-refuse-all-handler,.js-reject-cookies');
+        await this.wait(500);
+        // 'reject all' shortcuts
+        if (this.elementVisible('#onetrust-reject-all-handler', 'any')) {
+            return await this.click('#onetrust-reject-all-handler');
+        }
+        if (this.elementVisible('.ot-pc-refuse-all-handler', 'any')) {
+            return await this.click('.ot-pc-refuse-all-handler');
+        }
+        if (this.elementVisible('.js-reject-cookies', 'any')) {
+            return await this.click('.js-reject-cookies');
         }
 
         if (this.elementVisible('.onetrust-close-btn-handler', 'any')) {
@@ -41,6 +48,20 @@ export default class Onetrust extends AutoConsentCMPBase {
             if (rejectPatterns.some((pattern) => btnText.includes(pattern))) {
                 return await this.click('.onetrust-close-btn-handler');
             }
+
+            // CCPA notice-only variant: the banner has the `ot-close-btn-link` class and
+            // contains only a Close button (no Accept, Reject, or Settings). There's no
+            // real opt-out path in the DOM, so we click Close to dismiss.
+            // See e.g. columbia.com (US/CCPA region).
+            const banner = document.getElementById('onetrust-banner-sdk');
+            const isCloseOnlyNotice =
+                banner?.classList.contains('ot-close-btn-link') &&
+                !this.elementExists(
+                    '#onetrust-accept-btn-handler,#onetrust-reject-all-handler,#onetrust-pc-btn-handler,.ot-sdk-show-settings,button.js-cookie-settings',
+                );
+            if (isCloseOnlyNotice) {
+                return await this.click('.onetrust-close-btn-handler');
+            }
         }
 
         if (this.elementExists('#onetrust-pc-btn-handler')) {

package/lib/cmps/trustarc-frame.ts

@@ -60,11 +60,6 @@ export default class TrustArcFrame extends AutoConsentCMPBase {
     }
 
     async optOut() {
-        // if the user has already opted out, let's not close the window
-        if (await this.mainWorldEval('EVAL_TRUSTARC_FRAME_TEST')) {
-            return true;
-        }
-
         // When Tags are being controlled through a tag managment system, the window will not call the vendors' opt-out
         let timeout = 3000;
         if (await this.mainWorldEval('EVAL_TRUSTARC_FRAME_GTM')) {
@@ -74,7 +69,7 @@ export default class TrustArcFrame extends AutoConsentCMPBase {
         await waitFor(() => document.readyState === 'complete', 20, 100);
         await this.waitForElement('.mainContent[aria-hidden=false]', timeout);
 
-        if (await this.click('.rejectAll')) {
+        if (await this.click('.rejectAll,.declineAllButtonLower', true)) {
             return true;
         }
 

package/lib/eval-snippets.ts

@@ -12,10 +12,15 @@ export const snippets = {
         return false;
     },
     EVAL_DIDOMI_TEST: () => {
-        if (window.Didomi) {
-            return window.Didomi.getUserConsentStatusForAll().purposes.disabled.length > 0;
+        // getCurrentUserStatus() works under both GDPR and CCPA/CPRA, unlike the legacy
+        // getUserConsentStatusForAll() which returns empty arrays in CCPA/CPRA mode.
+        // Falls back to the legacy API for older Didomi SDK versions.
+        const purposes = window.Didomi?.getCurrentUserStatus?.()?.purposes;
+        if (purposes) {
+            return Object.values(purposes).some((p) => !p.enabled);
         }
-        return false;
+        const disabled = window.Didomi?.getUserConsentStatusForAll?.()?.purposes?.disabled;
+        return Array.isArray(disabled) && disabled.length > 0;
     },
     EVAL_CONSENTMANAGER_1: () => window.__cmp && typeof __cmp('getCMPData') === 'object',
     EVAL_CONSENTMANAGER_2: () => !__cmp('consentStatus').userChoiceExists,