Fix post-rebase edge cookie integration issues

Author: ChristianPavilonis

crates/trusted-server-adapter-fastly/src/main.rs

@@ -299,11 +299,6 @@ async fn route_request(
                 false,
             )
         }
-        (Method::POST, "/admin/partners/register")
-        | (Method::POST, "/_ts/admin/partners/register") => (
-            require_partner_store(settings).and_then(|store| handle_register_partner(&store, req)),
-            false,
-        ),
         (Method::GET, "/_ts/api/v1/identify") => (
             // Bot gate is intentionally write-only in this PR. `/identify` reads
             // remain gated by bearer auth + consent, even when request-classification
@@ -330,6 +325,7 @@ async fn route_request(
                     kv_graph.as_ref(),
                     registry_ref,
                     &ec_context,
+                    runtime_services,
                     req,
                 )
                 .await,
@@ -522,18 +518,6 @@ fn finalize_response(settings: &Settings, geo_info: Option<&GeoInfo>, response:
     }
 }
 
-/// Constructs a `PartnerStore` from settings, or returns 503 if the
-/// `partner_store` config is not set.
-fn require_partner_store(settings: &Settings) -> Result<PartnerStore, Report<TrustedServerError>> {
-    let store_name = settings.ec.partner_store.as_deref().ok_or_else(|| {
-        Report::new(TrustedServerError::KvStore {
-            store_name: "ec.partner_store".to_owned(),
-            message: "ec.partner_store is not configured".to_owned(),
-        })
-    })?;
-    Ok(PartnerStore::new(store_name))
-}
-
 /// Constructs a `KvIdentityGraph` from settings, or returns 503 if the
 /// `ec_store` config is not set.
 fn require_identity_graph(

crates/trusted-server-core/src/auction/endpoints.rs

@@ -16,6 +16,7 @@ use crate::ec::registry::PartnerRegistry;
 use crate::ec::EcContext;
 use crate::error::TrustedServerError;
 use crate::openrtb::{Eid, Uid};
+use crate::platform::RuntimeServices;
 use crate::settings::Settings;
 
 use super::formats::{convert_to_openrtb_response, convert_tsjs_to_auction_request};
@@ -45,6 +46,7 @@ pub async fn handle_auction(
     kv: Option<&KvIdentityGraph>,
     registry: Option<&PartnerRegistry>,
     ec_context: &EcContext,
+    services: &RuntimeServices,
     mut req: Request,
 ) -> Result<Response, Report<TrustedServerError>> {
     // Parse request body

crates/trusted-server-core/src/auction/test_support.rs

@@ -3,22 +3,20 @@ use std::sync::LazyLock;
 use fastly::Request;
 
 use super::AuctionContext;
-use crate::platform::{test_support::noop_services, ClientInfo, RuntimeServices};
+use crate::platform::{test_support::noop_services, RuntimeServices};
 use crate::settings::Settings;
 
 static TEST_SERVICES: LazyLock<RuntimeServices> = LazyLock::new(noop_services);
 
 pub(crate) fn create_test_auction_context<'a>(
     settings: &'a Settings,
     request: &'a Request,
-    client_info: &'a ClientInfo,
     timeout_ms: u32,
 ) -> AuctionContext<'a> {
     let services: &'static RuntimeServices = &TEST_SERVICES;
     AuctionContext {
         settings,
         request,
-        client_info,
         timeout_ms,
         provider_responses: None,
         services,

crates/trusted-server-core/src/ec/cookies.rs

@@ -340,7 +340,7 @@ mod tests {
         assert_eq!(
             cookie_str,
             format!(
-                "{}=; Domain=.{}; Path=/; Secure; SameSite=Lax; Max-Age=0",
+                "{}=; Domain=.{}; Path=/; Secure; SameSite=Lax; Max-Age=0; HttpOnly",
                 COOKIE_TS_EC, settings.publisher.domain,
             ),
             "expiry cookie should retain the same security attributes as the live cookie"

crates/trusted-server-core/src/error.rs

@@ -26,10 +26,6 @@ pub enum TrustedServerError {
     #[display("Configuration error: {message}")]
     Configuration { message: String },
 
-    /// Insecure placeholder configuration was detected.
-    #[display("Insecure default value configured for {field}")]
-    InsecureDefault { field: String },
-
     /// Auction orchestration error.
     #[display("Auction error: {message}")]
     Auction { message: String },
@@ -117,9 +113,7 @@ impl IntoHttpResponse for TrustedServerError {
         match self {
             Self::Auction { .. } => StatusCode::BAD_GATEWAY,
             Self::BadRequest { .. } => StatusCode::BAD_REQUEST,
-            Self::Configuration { .. } | Self::InsecureDefault { .. } | Self::Settings { .. } => {
-                StatusCode::INTERNAL_SERVER_ERROR
-            }
+            Self::Configuration { .. } | Self::Settings { .. } => StatusCode::INTERNAL_SERVER_ERROR,
             Self::Gam { .. } => StatusCode::BAD_GATEWAY,
             Self::GdprConsent { .. } => StatusCode::BAD_REQUEST,
             Self::InvalidHeaderValue { .. } => StatusCode::BAD_REQUEST,

crates/trusted-server-core/src/integrations/registry.rs

@@ -674,8 +674,11 @@ impl IntegrationRegistry {
             }
 
             // Set EC ID header on the request so integrations can read it.
+            // Remove any caller-supplied invalid value rather than forwarding it.
             if let Some(ec_id) = ec_context.ec_value() {
                 req.set_header(HEADER_X_TS_EC, ec_id);
+            } else {
+                req.remove_header(HEADER_X_TS_EC);
             }
 
             Some(proxy.handle(settings, req).await)
@@ -1271,7 +1274,7 @@ mod tests {
         // Provide an existing EC via header (client IP is unavailable in
         // the test environment, so generation would fail).
         let mut req = Request::get("https://test-publisher.com/integrations/test/ec");
-        req.set_header("x-ts-ec", "test-ec-id-from-header");
+        req.set_header("x-ts-ec", format!("{}.HdrEc1", "a".repeat(64)));
         let mut ec_context =
             EcContext::read_from_request(&settings, &req).expect("should read EC context");
 
@@ -1388,7 +1391,7 @@ mod tests {
 
         let mut req =
             Request::post("https://test-publisher.com/integrations/test/ec").with_body("test body");
-        req.set_header("x-ts-ec", "test-ec-id-from-header");
+        req.set_header("x-ts-ec", format!("{}.HdrEc1", "a".repeat(64)));
         let mut ec_context =
             EcContext::read_from_request(&settings, &req).expect("should read EC context");