Allow to specify multiple Prebid script handlers

docs/guide/api-reference.md

@@ -421,18 +421,22 @@ See [First-Party Endpoints](#get-first-party-ad) above.
 #### POST /third-party/ad
 See [First-Party Endpoints](#post-third-party-ad) above.
 
-#### GET /prebid.js (Optional)
-Returns empty JavaScript to override Prebid.js when `script_handler` is configured.
+#### GET /prebid.js, /prebid.min.js, etc. (Script Override)
+Returns empty JavaScript to override Prebid.js scripts when the Prebid integration is enabled. By default, exact requests to `/prebid.js`, `/prebid.min.js`, `/prebidjs.js`, or `/prebidjs.min.js` will be intercepted and served an empty script.
 
 **Configuration:**
 ```toml
 [integrations.prebid]
-script_handler = "/prebid.js"
+# Default patterns (exact paths)
+script_patterns = ["/prebid.js", "/prebid.min.js", "/prebidjs.js", "/prebidjs.min.js"]
+
+# Use wildcard patterns to match paths under a prefix
+# script_patterns = ["/static/prebid/*"]
 ```
 
 **Response:**
 - **Content-Type:** `application/javascript; charset=utf-8`
-- **Body:** `// Prebid.js override by Trusted Server`
+- **Body:** `// Script overridden by Trusted Server`
 - **Cache:** `immutable, max-age=31536000`
 
 ---

docs/guide/configuration-reference.md

@@ -597,9 +597,15 @@ All integrations support:
 | `server_url` | String | Required | Prebid Server endpoint URL |
 | `timeout_ms` | Integer | `1000` | Request timeout in milliseconds |
 | `bidders` | Array[String] | `[]` | List of enabled bidders |
-| `auto_configure` | Boolean | `false` | Auto-inject Prebid.js shim |
 | `debug` | Boolean | `false` | Enable debug logging |
-| `script_handler` | String | Optional | Custom script endpoint path |
+| `script_patterns` | Array[String] | See below | Patterns for removing Prebid script tags and intercepting requests |
+
+**Default `script_patterns`**:
+```toml
+["/prebid.js", "/prebid.min.js", "/prebidjs.js", "/prebidjs.min.js"]
+```
+
+These patterns use suffix matching when stripping HTML, so `/static/prebid/v8/prebid.min.js` matches because it ends with `/prebid.min.js`. For request interception, exact paths are registered unless you use wildcard patterns (e.g., `/static/prebid/*`), which match paths under that prefix.
 
 **Example**:
 ```toml
@@ -608,8 +614,8 @@ enabled = true
 server_url = "https://prebid-server.example/openrtb2/auction"
 timeout_ms = 1200
 bidders = ["kargo", "rubicon", "appnexus", "openx"]
-auto_configure = true
 debug = false
+# script_patterns = ["/static/prebid/*"]  # Optional: restrict to specific path
 ```
 
 **Environment Override**:
@@ -618,8 +624,9 @@ TRUSTED_SERVER__INTEGRATIONS__PREBID__ENABLED=true
 TRUSTED_SERVER__INTEGRATIONS__PREBID__SERVER_URL=https://prebid.example/auction
 TRUSTED_SERVER__INTEGRATIONS__PREBID__TIMEOUT_MS=1200
 TRUSTED_SERVER__INTEGRATIONS__PREBID__BIDDERS=kargo,rubicon,appnexus
-TRUSTED_SERVER__INTEGRATIONS__PREBID__AUTO_CONFIGURE=true
 TRUSTED_SERVER__INTEGRATIONS__PREBID__DEBUG=false
+TRUSTED_SERVER__INTEGRATIONS__PREBID__SCRIPT_PATTERNS__0=/prebid.js
+TRUSTED_SERVER__INTEGRATIONS__PREBID__SCRIPT_PATTERNS__1=/prebid.min.js
 ```
 
 ### Next.js Integration

docs/guide/configuration.md

@@ -95,7 +95,7 @@ enabled = true
 server_url = "https://prebid-server.com/openrtb2/auction"
 timeout_ms = 1200
 bidders = ["kargo", "rubicon", "appnexus"]
-auto_configure = false
+# script_patterns = ["/static/prebid/*"]
 ```
 
 ### `fastly.toml`
@@ -264,7 +264,7 @@ enabled = true
 server_url = "https://prebid-server.com/openrtb2/auction"
 timeout_ms = 1200
 bidders = ["kargo", "rubicon", "appnexus"]
-auto_configure = false
+# script_patterns = ["/static/prebid/*"]
 ```
 
 **Next.js**:

docs/guide/environment-variables.md

@@ -201,14 +201,15 @@ TRUSTED_SERVER__INTEGRATIONS__PREBID__TIMEOUT_MS=1000
 # Bidders (comma-separated)
 TRUSTED_SERVER__INTEGRATIONS__PREBID__BIDDERS="appnexus,rubicon,openx"
 
-# Auto-remove Prebid.js scripts
-TRUSTED_SERVER__INTEGRATIONS__PREBID__AUTO_CONFIGURE=true
-
 # Enable debug logging
 TRUSTED_SERVER__INTEGRATIONS__PREBID__DEBUG=false
 
-# Optional: Script handler path
-TRUSTED_SERVER__INTEGRATIONS__PREBID__SCRIPT_HANDLER="/prebid.js"
+# Script patterns to remove Prebid tags and serve empty JS (indexed format)
+# Default patterns match common Prebid filenames at exact paths
+TRUSTED_SERVER__INTEGRATIONS__PREBID__SCRIPT_PATTERNS__0="/prebid.js"
+TRUSTED_SERVER__INTEGRATIONS__PREBID__SCRIPT_PATTERNS__1="/prebid.min.js"
+# For versioned paths, use wildcards:
+# TRUSTED_SERVER__INTEGRATIONS__PREBID__SCRIPT_PATTERNS__0="/static/prebid/{*rest}"
 ```
 
 **TOML Equivalent:**
@@ -218,9 +219,8 @@ enabled = true
 server_url = "https://prebid-server.example.com"
 timeout_ms = 1000
 bidders = ["appnexus", "rubicon", "openx"]
-auto_configure = true
 debug = false
-script_handler = "/prebid.js"
+script_patterns = ["/prebid.js", "/prebid.min.js", "/prebidjs.js", "/prebidjs.min.js"]
 ```
 
 ---
@@ -642,7 +642,6 @@ export TRUSTED_SERVER__INTEGRATIONS__PREBID__ENABLED=true
 export TRUSTED_SERVER__INTEGRATIONS__PREBID__SERVER_URL="https://prebid-server.com"
 export TRUSTED_SERVER__INTEGRATIONS__PREBID__TIMEOUT_MS=2000
 export TRUSTED_SERVER__INTEGRATIONS__PREBID__BIDDERS="appnexus,rubicon,openx"
-export TRUSTED_SERVER__INTEGRATIONS__PREBID__AUTO_CONFIGURE=true
 
 # Optional: Security Headers
 export TRUSTED_SERVER__RESPONSE_HEADERS__STRICT_TRANSPORT_SECURITY="max-age=31536000"

docs/guide/integration-guide.md

@@ -276,7 +276,7 @@ enabled = true
 server_url = "https://prebid.example/openrtb2/auction"
 timeout_ms = 1200
 bidders = ["equativ", "sampleBidder"]
-auto_configure = true
+# script_patterns = ["/static/prebid/*"]
 ```
 
 Tests or scaffolding can inject configs by calling `settings.integrations.insert_config("prebid", &serde_json::json!({...}))`, the same helper that other integrations use.
@@ -287,7 +287,7 @@ Tests or scaffolding can inject configs by calling `settings.integrations.insert
 
 **3. HTML Rewrites Through the Registry**
 
-When `auto_configure` is enabled, the integration's `IntegrationAttributeRewriter` removes any `<script src="prebid*.js">` or `<link href=…>` references outright. The unified TSJS bundle is injected at the start of `<head>`, so dropping the publisher assets prevents duplicate downloads and still runs before any inline `pbjs` config.
+When the integration is enabled, the `IntegrationAttributeRewriter` removes any `<script src="prebid*.js">` or `<link href=…>` references that match `script_patterns`. The unified TSJS bundle is injected at the start of `<head>`, so dropping the publisher assets prevents duplicate downloads and still runs before any inline `pbjs` config.
 
 **4. TSJS Assets & Testing**
 

docs/guide/integration_guide.md

@@ -315,7 +315,7 @@ Prebid applies the same steps outlined above with a few notable patterns:
    server_url = "https://prebid.example/openrtb2/auction"
    timeout_ms = 1200
    bidders = ["equativ", "sampleBidder"]
-   auto_configure = true
+   # script_patterns = ["/static/prebid/*"]
    ```
 
    Tests or scaffolding can inject configs by calling
@@ -329,10 +329,11 @@ Prebid applies the same steps outlined above with a few notable patterns:
    creative rewrites before responding. All routes are properly namespaced under
    `/integrations/prebid/` to follow the integration routing pattern.
 
-3. **HTML rewrites through the registry** – When `auto_configure` is enabled, the integration’s
+3. **HTML rewrites through the registry** – When the integration is enabled, the
    `IntegrationAttributeRewriter` removes any `<script src="prebid*.js">` or `<link href=…>`
-   references outright. The unified TSJS bundle is injected at the start of `<head>`, so dropping the
-   publisher assets prevents duplicate downloads and still runs before any inline `pbjs` config.
+   references that match `script_patterns`. The unified TSJS bundle is injected at the start
+   of `<head>`, so dropping the publisher assets prevents duplicate downloads and still runs before
+   any inline `pbjs` config.
 
 4. **TSJS assets & testing** – The shim implementation lives in
    `crates/js/lib/src/ext/prebidjs.ts`. Tests typically assert that publisher references disappear,

docs/guide/integrations-overview.md

@@ -6,7 +6,7 @@ Trusted Server provides built-in integrations with popular third-party services,
 
 | Integration | Type | Endpoints | HTML Rewriting | Primary Use Case | Status |
 |-------------|------|-----------|----------------|------------------|--------|
-| **Prebid** | Proxy + Rewriter | 2-3 routes | Removes Prebid.js scripts | Server-side header bidding | Production |
+| **Prebid** | Proxy + Rewriter | 2+ routes | Removes Prebid.js scripts | Server-side header bidding | Production |
 | **Next.js** | Script Rewriter | None | Rewrites Next.js data | First-party Next.js routing | Production |
 | **Permutive** | Proxy + Rewriter | 6 routes | Rewrites SDK URLs | First-party audience data | Production |
 | **Testlight** | Proxy + Rewriter | 1 route | Rewrites integration scripts | Testing/development | Development |
@@ -32,14 +32,14 @@ enabled = true
 server_url = "https://prebid-server.example.com"
 timeout_ms = 1000
 bidders = ["appnexus", "rubicon"]
-auto_configure = true
 debug = false
+# script_patterns = ["/static/prebid/*"]
 ```
 
 **Endpoints:**
 - `GET /first-party/ad` - Server-side ad rendering
 - `POST /third-party/ad` - Client-side auction endpoint
-- `GET /prebid.js` - Optional empty script override
+- `GET /prebid.js` - Empty script override (plus any configured patterns)
 
 **When to use:** You want to monetize your site with programmatic advertising while maintaining privacy and first-party context.
 

trusted-server.toml

@@ -38,9 +38,8 @@ enabled = true
 server_url = "http://68.183.113.79:8000"
 timeout_ms = 1000
 bidders = ["kargo", "rubicon", "appnexus", "openx"]
-auto_configure = false
 debug = false
-# script_handler = "/prebid.js"
+# script_patterns = ["/prebid.min.js", "/prebidjs.min.js"]  # defaults to common prebid filenames
 
 [integrations.nextjs]
 enabled = false