Fix duplicate PATCH requests on banner dismissal

[gilluminate]

Ticket ENG-2426

Description Of Changes

Fixed duplicate PATCH requests to /api/v1/privacy-preferences when dismissing the consent banner via the X close button. The issue was caused by a redundant onClose() call in the CloseButton click handler that triggered the dismissal flow twice.

When PR #7227 added onDismiss() to the banner's a11y-dialog onClose callback to fix TCF dismissal with GPC-enabled custom notices, it created an unintended side effect. The CloseButton was already calling both closeButton.onClick() (which triggers the a11y-dialog's onClose callback) and an explicit onClose() prop, resulting in handleDismiss() being called twice and sending duplicate API requests.

Code Changes

• Removed redundant onClose() call from ConsentBanner CloseButton click handler
• The a11y-dialog's built-in close mechanism now handles the full dismissal flow once

Steps to Confirm

1. Navigate to a non-TCF experience with banner + modal (e.g., http://localhost:3001/fides-js-demo.html?geolocation=ca-qu)
2. Open browser DevTools Network tab and filter for /api/v1/privacy-preferences
3. Click the X close button on the consent banner
4. Verify only ONE PATCH request is made (previously two requests were sent)
5. Verify banner closes properly
6. Verify consent is recorded correctly in the cookie
7. Test action buttons (Accept All, Reject All) still work correctly and close the banner

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Review	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Jan 27, 2026 0:39am
fides-privacy-center	Ignored		Jan 27, 2026 0:39am

[greptile-apps]

Greptile Overview

Greptile Summary

This PR fixes duplicate PATCH requests to /api/v1/privacy-preferences when dismissing the consent banner via the X close button.

Root Cause Analysis:
When PR #7227 added onDismiss() to the a11y-dialog's onClose callback in Overlay.tsx:177, it inadvertently created a duplicate call path. The ConsentBanner CloseButton was calling both:

1. closeButton.onClick() - which triggers the a11y-dialog's onClose callback (lines 50-56 in a11y-dialog.tsx)
2. An explicit onClose() prop passed from the parent

This resulted in handleDismiss() being invoked twice, sending duplicate API requests.

The Fix:
The PR correctly removes the redundant direct onClose() call and the onClose prop from ConsentBanner. Now the dismissal flow follows a single clean path:

• User clicks CloseButton → closeButton.onClick() → a11y-dialog's handleClose() → onClose callback in Overlay.tsx → onDismiss() → handleDismiss()

Impact:

• Eliminates duplicate API requests
• Maintains all existing functionality (banner closes, consent is recorded)
• Aligns with the architecture established in PR Fix TCF dismissal with GPC-enabled custom notices #7227

Confidence Score: 5/5

• This PR is safe to merge with no risk
• The change is a simple, well-reasoned fix that removes redundant code. The PR description provides excellent context including the root cause analysis and clear testing steps. The fix correctly addresses the duplicate API call issue by removing the redundant onClose() invocation while preserving the single correct call path through the a11y-dialog mechanism. No regressions are expected.
• No files require special attention

Important Files Changed

Filename	Overview
clients/fides-js/src/components/ConsentBanner.tsx	Removed redundant onClose() call from CloseButton handler - fix correctly addresses duplicate PATCH requests

[greptile-apps]

_{No files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[nrxsmith]

Makes sense to me 👍