Request for feedback: Removing support for redirects for attribution reports

1,325 views
Skip to first unread message

Charles Harrison

unread,
May 16, 2023, 4:51:31 PM5/16/23
to attribution-re...@chromium.org, Akash Nadan, apase...@chromium.org, Alex Turner
Hello everyone,
In PR 547 we are discussing whether we want to allow attribution reports (both aggregatable and event-level) to redirect across origins (i.e. whether they should be cors requests). For a few reasons, I think it makes sense to make these requests same-origin:
1. It simplifies our API, and allows us to avoid supporting / maintaining CORS flows on these requests
2. It discourages wasting client bandwidth sending reports to multiple endpoints

I'm posting to this list to see if anyone is relying on this behavior or if they think it is important for us to keep the cors functionality here. Please comment either here or in the PR if you have thoughts.

Best,
Charlie
Reply all
Reply to author
Forward
0 new messages