This change would impact the ability of first parties to regulate and 
prevent reportEvent beacons. Although this requires mutual opt-in, I expect 
scenarios to eventually come up where a site owner wants to allow 
cross-origin reportEvent only for certain origins.

On Wednesday, May 8, 2024 at 8:30:58 AM UTC-7 lbr...@google.com wrote:

> Contact emails
>
> lbr...@google.com, shiva...@chromium.org, jka...@chromium.org
>
> Explainer(s)
>
> https://github.com/WICG/turtledove/pull/1134
>
> Spec(s)
>
> https://github.com/WICG/fenced-frame/pull/152
>
> Summary
>
> Ad frames (both fenced frames and urn-iframes) created through a Protected 
> Audience auction, as well as their same-origin nested iframes, are allowed 
> to call reportEvent() API
> <https://github.com/WICG/turtledove/blob/main/Fenced_Frames_Ads_Reporting.md#reportevent-preregistered-destination-url>
> to send event-level reports. It's also important for third-parties on
> Protected Audience-created ads to have the same measurement and reporting 
> capabilities for spam detection, brand safety, and measurement 
> verification. However, the API as it exists currently has a same-origin 
> child iframe restriction which poses a complication as described below.
>
> If an ad buyer wins an ad auction and its ad frame is displayed on a page, 
> it might choose to embed a subframe that points to a third-party server 
> that hosts the actual ad instead. With this use case, and with the current 
> state of the reportEvent() API, the actual ad's document cannot directly 
> call reportEvent() the way that its embedder can since the document is in a 
> cross-origin nested iframe. Instead, it has to get its embedder to actually 
> send the beacon by letting the embedder know via a postMessage. This will 
> not be an ergonomic solution for this use case.
>
> With this change, a cross-origin subframe can opt in to sending 
> reportEvent() beacons using its ancestor's reporting metadata by calling 
> reportEvent() with the parameter crossOriginExposed=true. This is the same 
> syntax as is currently used by the main render URL frame to opt in to 
> sending cross-origin automatic beacons with data (this means the FenceEvent 
> IDL will stay the same).
>
> The main ad render URL frame will opt in with a new 
> "Allow-Cross-Origin-Event-Reporting" response header. Its valid values will 
> be true and false, and will default to false when omitted. This will not be 
> required for documents that are same-origin to the FencedFrameConfig's 
> mapped url.
>
> This is a convenience change (not privacy impacting), as it's already 
> possible (but cumbersome) for the third-party to postMessage the parent 
> frame to send the report on their behalf. For security reasons, the 
> proposal requires opt-ins from both the main ad frame and the cross-origin 
> iframe.
>
> Blink component
>
> Blink>FencedFrames 
> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EFencedFrames>
>
> TAG reviews and status
>
> Fenced frames existing TAG review appended with these spec changes
> <https://github.com/w3ctag/design-reviews/issues/838#issuecomment-1792881253>
>
> Link to Origin Trial feedback summary
>
> No Origin Trial performed
>
> Is this feature supported on all six Blink platforms (Windows, Mac, Linux, 
> Chrome OS, Android, and Android WebView)?
>
> Supported on all the above platforms except Android WebView.
>
> Debuggability
>
> Additional debugging capabilities are not necessary for these feature 
> changes.
>
> Risks
>
> Compatibility
>
> This is an added functionality and is backward compatible.
>
> Interoperability
>
> There are no interoperability risks as no other browsers have decided to 
> implement these features yet. We have not received any standards positions 
> from Mozilla <https://github.com/mozilla/standards-positions/issues/781>
> or WebKit <https://github.com/WebKit/standards-positions/issues/173>.
>
> Is this feature fully tested by web-platform-tests
> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
> Link to test suite results from wpt.fyi.
>
> Yes. New reportEvent() beacon tests have been added to test cross-origin 
> beacons.
>
> fence-report-event-cross-origin-content-initiated.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-content-initiated.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-content-initiated.https.html>)
>
> fence-report-event-cross-origin-nested-urn-iframe.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html>)
>
> fence-report-event-cross-origin-nested.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-nested.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-nested.https.html>)
>
> fence-report-event-cross-origin-no-embedder-opt-in.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html>)
>
> fence-report-event-cross-origin-no-subframe-opt-in.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html>)
>
> fence-report-event-cross-origin-urn-iframe-content-initiated.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html>)
>
> fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html>)
>
> fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html>)
>
> fence-report-event-cross-origin-urn-iframe.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html>)
>
> fence-report-event-cross-origin.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-cross-origin.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-cross-origin.https.html>)
>
> fence-report-event-sub-fencedframe.https.html
> (test <https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/fence-report-event-sub-fencedframe.https.html>)
> (results <https://wpt.fyi/results/fenced-frame/fence-report-event-sub-fencedframe.https.html>)
>
> WPT directory for Fenced Frames: 
> https://github.com/web-platform-tests/wpt/tree/master/fenced-frame
>
> Anticipated spec changes
>
> None
>
> Link to entry on the Chrome Platform Status
>
> https://chromestatus.com/feature/5113611084365824
>
> Links to previous Intent discussions
>
> Fenced Frame Intent to prototype:
> https://groups.google.com/a/chromium.org/g/blink-dev/c/Ko9UXQYPgUE/m/URRsB-qvAAAJ
>
> Fenced Frame Intent to experiment:
> https://groups.google.com/a/chromium.org/g/blink-dev/c/y6G3cvKXjlg/m/Lcpmpi_LAgAJ
>
> Fenced Frame Intent to ship:
> https://groups.google.com/a/chromium.org/g/blink-dev/c/tpw8wW0VenQ/m/mePLTiHlDQAJ
>
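
The mutual opt-in described in the quoted Intent, written out as a decision model. This is an added example, not part of the thread and not Chromium code; the function names, field names and origins are hypothetical, and it assumes the header value is compared as the literal `true` the Intent describes (the exact wire syntax is defined by the linked spec PR).

```javascript
// Added model of the mutual opt-in in the quoted Intent; not Chromium code.
// All function and field names are hypothetical; origins are constructed.
const HEADER = "allow-cross-origin-event-reporting";

// Per the Intent: valid values are true and false, default false when omitted.
// Assumption: only the exact token "true" counts as an opt-in.
function embedderOptedIn(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === HEADER) return String(value).trim() === "true";
  }
  return false;
}

const sameOrigin = (a, b) => new URL(a).origin === new URL(b).origin;

// mappedUrl: the FencedFrameConfig's mapped URL.
// mainFrameHeaders: response headers of the main ad render URL frame.
// caller: { url, crossOriginExposed } for the document calling reportEvent().
function mayReportEvent(mappedUrl, mainFrameHeaders, caller) {
  if (sameOrigin(caller.url, mappedUrl)) {
    return { allowed: true, reason: "same-origin to mapped URL" };
  }
  if (!caller.crossOriginExposed) {
    return { allowed: false, reason: "subframe did not opt in" };
  }
  if (!embedderOptedIn(mainFrameHeaders)) {
    return { allowed: false, reason: "main ad frame did not opt in" };
  }
  return { allowed: true, reason: "mutual opt-in" };
}

// Constructed cases mirroring the scenarios the listed WPT file names describe.
function runCases() {
  const mapped = "https://buyer.example/ad.html";
  const optIn = { "Allow-Cross-Origin-Event-Reporting": "true" };
  const third = "https://verifier.example/frame.html";
  return {
    sameOrigin: mayReportEvent(mapped, {}, { url: "https://buyer.example/inner.html", crossOriginExposed: false }),
    bothOptIn: mayReportEvent(mapped, optIn, { url: third, crossOriginExposed: true }),
    noEmbedderOptIn: mayReportEvent(mapped, {}, { url: third, crossOriginExposed: true }),
    noSubframeOptIn: mayReportEvent(mapped, optIn, { url: third, crossOriginExposed: false }),
  };
}

console.log(runCases());
```

In this model the embedder's opt-in is a single boolean, so once it is set, the only remaining gate for a cross-origin subframe is its own `crossOriginExposed` flag.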
