Skip to content

WD-34696: Only send UTMs to Marketo for non-essential cookie consent#16216

Merged
Onibenjo merged 4 commits intomainfrom
WD-34696/utm-cookie-consent-check
Apr 9, 2026
Merged

WD-34696: Only send UTMs to Marketo for non-essential cookie consent#16216
Onibenjo merged 4 commits intomainfrom
WD-34696/utm-cookie-consent-check

Conversation

@Onibenjo
Copy link
Copy Markdown
Contributor

@Onibenjo Onibenjo commented Apr 8, 2026
edited
Loading

Done

  • UTM parameters are now only attached to the Marketo enrichment payload when the user has consented to non-essential cookies (functionality, performance, or all)
  • When consent is essential or unset (or cookie is missing), UTMs are stripped from the payload before it reaches Marketo
  • Includes a temporary ?dry_run=true query param on /marketo/submit for QA — returns the payloads as JSON without calling the Marketo API. Remove before merge.

QA

This can be tested entirely on the DEMO using curl. The ?dry_run=true param returns the Marketo payloads as JSON without making any API calls.

Test 1: essential consent — UTMs should NOT be sent

curl -s -X POST "https://ubuntu-com-16216.demos.haus/marketo/submit?dry_run=true" -b "_cookies_accepted=essential; utms=utm_source%3Agoogle%26utm_medium%3Acpc" -d "formid=4198&email=test@test.com" | python3 -m json.tool

Expected: non_essential_consent: false, and enriched_payload.input[0].leadFormFields should have no utm_source or utm_medium keys.

Test 2: performance consent — UTMs SHOULD be sent

curl -s -X POST "https://ubuntu-com-16216.demos.haus/marketo/submit?dry_run=true" -b "_cookies_accepted=performance; utms=utm_source%3Agoogle%26utm_medium%3Acpc" -d "formid=4198&email=test@test.com" | python3 -m json.tool

Expected: non_essential_consent: true, and enriched_payload.input[0].leadFormFields should contain utm_source: "google" and utm_medium: "cpc".

Test 3: functionality consent — UTMs SHOULD be sent

curl -s -X POST "https://ubuntu-com-16216.demos.haus/marketo/submit?dry_run=true" -b "_cookies_accepted=functionality; utms=utm_source%3Agoogle%26utm_medium%3Acpc" -d "formid=4198&email=test@test.com" | python3 -m json.tool

Expected: non_essential_consent: true, UTM fields present in enriched payload.

Test 4: all consent — UTMs SHOULD be sent

curl -s -X POST "https://ubuntu-com-16216.demos.haus/marketo/submit?dry_run=true" \
  -b "_cookies_accepted=all; utms=utm_source%3Agoogle%26utm_medium%3Acpc" \
  -d "formid=4198&email=test@test.com" | python3 -m json.tool

Expected: non_essential_consent: true, UTM fields present in enriched payload.

Test 5: No _cookies_accepted cookie — UTMs should NOT be sent

curl -s -X POST "https://ubuntu-com-16216.demos.haus/marketo/submit?dry_run=true" \
  -b "utms=utm_source%3Agoogle%26utm_medium%3Acpc" \
  -d "formid=4198&email=test@test.com" | python3 -m json.tool

Expected: cookie_consent: "unset", non_essential_consent: false, no UTM fields in enriched payload.

Summary table

_cookies_accepted UTMs in enriched payload?
essential No
unset / missing No
functionality Yes
performance Yes
all Yes

Before merge

  • Remove the dry_run block from webapp/views.py

Issue / Card

Fixes https://warthogs.atlassian.net/browse/WD-34696

Help

QA steps - Commit guidelines

@Onibenjo
Only send UTMs to Marketo when user consents to non-essential cookies
8f22771 
Check the _cookies_accepted cookie in marketo_submit() and only attach
UTM values to the enrichment payload when the consent type is
functionality, performance, or all. Essential and unset consent types
will no longer have UTM data forwarded to Marketo.

Includes a temporary dry_run query param for QA (to be removed before merge).
Copilot AI review requested due to automatic review settings April 8, 2026 10:01
@webteam-app
Copy link
Copy Markdown

webteam-app commented Apr 8, 2026

Demo

Jenkins

demos.haus

Copilot AI reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR aims to ensure UTM parameters are only sent to Marketo when the user has consented to non-essential cookies, aligning Marketo enrichment behavior with cookie consent state.

Changes:

  • Added consent detection via _cookies_accepted and gated attaching UTM fields to the enrichment payload.
  • Prevented parsing/attaching UTMs from the encoded utms cookie/form field when consent is essential/unset.
  • Added a temporary dry_run=true mode on /marketo/submit that returns payloads as JSON (intended for QA only).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

webapp/views.py
Comment on lines +1127 to +1132
# Only attach UTM values when the user has consented to
# non-essential cookies (functionality, performance, or all)
cookie_consent = flask.request.cookies.get("_cookies_accepted", "unset")
non_essential_consent = cookie_consent in {
"functionality", "performance", "all"}

Copy link

Copilot AI Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change introduces new consent-dependent behavior for what gets sent to Marketo, but there are no unit tests covering the /marketo/submit path. Since webapp/views.py already has view-level tests for related UTM helpers, add tests that assert UTMs are stripped when consent is essential/missing and preserved when consent is functionality/performance/all (including UTMs provided via hidden fields and via acquisition_url).

Copilot uses AI. Check for mistakes.
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 8, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 31 lines in your changes missing coverage. Please review.
✅ Project coverage is 48.36%. Comparing base (32502aa) to head (036fed4).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
webapp/views.py 0.00% 31 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #16216      +/-   ##
==========================================
- Coverage   48.52%   48.36%   -0.17%     
==========================================
  Files          37       37              
  Lines        5875     5891      +16     
==========================================
- Hits         2851     2849       -2     
- Misses       3024     3042      +18
Files with missing lines Coverage Δ
webapp/views.py 46.56% <0.00%> (-0.79%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Onibenjo
Onibenjo commented Apr 9, 2026
View reviewed changes
@Skazitron
Copy link
Copy Markdown
Contributor

Skazitron commented Apr 9, 2026

@Onibenjo looks like the links from the PR description are not working, however the demo is. So I'll replace the links with the updated links.

Skazitron
Skazitron previously approved these changes Apr 9, 2026
View reviewed changes
@Skazitron
Copy link
Copy Markdown
Contributor

Skazitron commented Apr 9, 2026

@Onibenjo looks good! Just remember to remove the QA code.

@Onibenjo Onibenjo force-pushed the WD-34696/utm-cookie-consent-check branch from 15c27ed to 036fed4 Compare April 9, 2026 14:40
@Onibenjo Onibenjo merged commit f19acca into main Apr 9, 2026
32 of 34 checks passed
@Onibenjo Onibenjo deleted the WD-34696/utm-cookie-consent-check branch April 9, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Skazitron Skazitron Skazitron approved these changes

Assignees

No one assigned

Labels

Review: Code +1 (with changes) Review: QA +1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Onibenjo @webteam-app @Skazitron