Skip to content

Relax SUA validation for malformed bid requests#81

Open
sneako wants to merge 1 commit intomainfrom
relax-sua-validation
Open

Relax SUA validation for malformed bid requests#81
sneako wants to merge 1 commit intomainfrom
relax-sua-validation

Conversation

@sneako
Copy link
Member

@sneako sneako commented Feb 16, 2026
edited by cubic-dev-ai bot
Loading

Summary

  • Remove validate_required([:brand]) from BrandVersion — SSPs send SUA with empty or missing brand strings (e.g. "brand": "") which should not invalidate the entire bid request
  • Handle "browsers": null in UserAgent changeset — cast_embed(:browsers) raises on null for embeds_many, so we now skip the cast when browsers is not a list
  • Add test covering the exact real-world scenario (null browsers + empty platform brand)

Test plan

  • All 33 existing tests pass
  • New test validates parsing of SUA with "browsers": null and "platform": {"brand": ""}

🤖 Generated with Claude Code

Open with Devin

Note

Low Risk
Small changes to Ecto changesets to tolerate malformed SUA input; low risk but could reduce validation strictness for brand and skip browser casting when the payload is not a list.

Overview
Relaxes V2 structured user-agent handling so malformed client-hint payloads don’t invalidate the whole bid request.

Specifically, BrandVersion no longer requires brand, and UserAgent now only cast_embed(:browsers) when the incoming browsers value is a list (skipping null/non-list values). Adds a regression test that ensures casting succeeds with "browsers": null and an empty platform brand.

Written by Cursor Bugbot for commit a2f5d53. This will update automatically on new commits. Configure here.

Summary by cubic

Relaxed SUA validation so malformed fields no longer invalidate entire bid requests. Empty/missing platform brand and null browsers are now tolerated.

  • Bug Fixes
    • Removed required check for platform brand in BrandVersion; empty or missing brand is accepted.
    • UserAgent safely skips casting browsers unless it’s a list; null input leaves browsers as [].
    • Added a test covering null browsers with an empty platform brand.

Written for commit a2f5d53. Summary will update on new commits.

@sneako @claude
relax SUA validation to avoid rejecting entire bid requests
a2f5d53 
BrandVersion no longer requires brand, and UserAgent safely skips
browsers when the value is null instead of a list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
devin-ai-integration[bot]
devin-ai-integration bot reviewed Feb 16, 2026
View reviewed changes
Copy link

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 16, 2026
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sneako