Contact emails
lbr...@google.com, shiva...@chromium.org, jka...@chromium.org
Specification
https://github.com/WICG/fenced-frame/pull/164
Summary
Reporting beacons (e.g. reportEvent to preregistered destination URLs, automatic beacon events, and reportEvent to custom destination URL with substitution of preregistered macros) will have their "Referer" header set to the initiating frame's origin. This is a strictly additive change, as the "Referer" header is currently unpopulated for all fenced frame event-level reports. However, the referrer could be manually added today by callers of reportEvent in the eventData or destinationURL fields of events.
We plan on introducing cross-origin support for reportEvent() beacons and have previously introduced the same support for automatic beacons. When this happens, event-level reports will be able to be sent from origins other than the root ad frame's origin. However, a server currently can't tell where an event-level report originates, since the referrer is unset and the "Origin" header is set to the worklet origin for reportEvent() with destination enum and Automatic beacon events.
Giving a server this information will allow it to make a more informed decision on how to handle reporting beacons originating from documents that are cross-origin to the root ad frame. To align with expectations for how the referrer header behaves, the referrer policy will be set to the policy of the document that initiates the beacon.
Blink component
TAG review
None
TAG review status
Not applicable. This feature relates to Protected Audience whose review TAG has already resolved with an "unsatisfied" position.
Link to Origin Trial feedback summary
No Origin Trial performed
This is an added functionality and is backward compatible. There are no interoperability risks as no other browsers have decided to implement these features yet.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Not applicable as this will not be supported on Android WebView.
Additional debugging capabilities are not necessary for these feature changes.
Supported on all the above platforms except Android WebView.
Yes. The existing event reporting WPTs have been modified to check for the new header values.
None
None
False
Anticipated spec changes
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6246671997730816
On 11/28/24 6:41 AM, 'Liam Brady' via blink-dev wrote:
Contact emails
lbr...@google.com, shiva...@chromium.org, jka...@chromium.org
Specification
https://github.com/WICG/fenced-frame/pull/164
Summary
Reporting beacons (e.g. reportEvent to preregistered destination URLs, automatic beacon events, and reportEvent to custom destination URL with substitution of preregistered macros) will have their "Referer" header set to the initiating frame's origin. This is a strictly additive change, as the "Referer" header is currently unpopulated for all fenced frame event-level reports. However, the referrer could be manually added today by callers of reportEvent in the eventData or destinationURL fields of events.
We plan on introducing cross-origin support for reportEvent() beacons and have previously introduced the same support for automatic beacons. When this happens, event-level reports will be able to be sent from origins other than the root ad frame's origin. However, a server currently can't tell where an event-level report originates, since the referrer is unset and the "Origin" header is set to the worklet origin for reportEvent() with destination enum and Automatic beacon events.
Giving a server this information will allow it to make a more informed decision on how to handle reporting beacons originating from documents that are cross-origin to the root ad frame. To align with expectations for how the referrer header behaves, the referrer policy will be set to the policy of the document that initiates the beacon.
This summary is useful - and I guess this last paragraph is the
closest thing to an explainer. But it's still missing some useful
info. Can you elaborate a bit more on the developer need you're
trying to address (i.e., do we have feature requests for this)?
Are there any issues you can point to? Alternatives considered,
etc?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/24147311-a037-4fe1-8596-a1ea5ca1033fn%40chromium.org.
One other request: can you please request enterprise,
debuggability, and test bits in your chromestatus entry?
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/66f897bd-a60e-4ba4-9038-62dcf1459ef6n%40chromium.org.
LGTM3, but please fill out the vendor signals part in your
chromestatus entry (at least pointing to the parent fenced frame
requests - I don't think you need to file new ones here).