This feature seems problematic from a web architecture point of view. I have added a comment on https://github.com/WICG/attribution-reporting-api/issues/1202 .
Getting full review from parties like the TAG or other browsers probably does not make sense for this kind of a small change to the Attribution Reporting Feature (which has had its own previous reviews). But, there are several experts in the Fetch and HTTP space who I would like to give a chance to comment on this, as I am especially worried about the precedent it sets. I have tagged them in the above issue. On Sat, May 18, 2024 at 1:23 AM 'Akash Nadan' via blink-dev < blink-dev@chromium.org> wrote: > Contact emails > > akashna...@google.com, lin...@chromium.org, johni...@chromium.org > > Explainer > > Attribution Reporting with event-level reports > <https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md> > > Attribution Reporting API with Aggregatable Reports > <https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md> > > Aggregation Service for the Attribution Reporting API > <https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATION_SERVICE_TEE.md> > > Specification > > https://wicg.github.io/attribution-reporting-api/ > > Blink component > > Internals > AttributionReporting > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting> > > Summary > > We are landing the following change to the Attribution Reporting API > focused on: > > - > > improving handling of registrations with multiple of the same header > > > This feature is mainly to address the following edge case > <https://github.com/WICG/attribution-reporting-api/issues/1202>. > > Currently the API coalesces registration headers if the same header > appears multiple times in a response. The individual response values are > joined by a "," (comma). > > Because the headers contain JSON, this almost always results in an invalid > value and therefore responses with multiple of the same header will cause > the registration to fail, except in the scenario of the edge case. > > Given this potential edge case, and so that the current API behavior > persists, this change makes it so that the API explicitly prevents header > coalescing. If the same header appears more than once in the response then > the registration will be rejected. > > Explainer/Spec changes > > 1. > > Prevent coalescing for web source/trigger headers > <https://github.com/WICG/attribution-reporting-api/pull/1212> > > > Risks > Interoperability and Compatibility > > This feature is a backwards incompatible change because of the edge case > scenario described above. However, as described above, this is not a major > concern because currently in all cases except the edge case scenario, which > seems very unlikely, the behavior for having multiple of the same header in > the response is the same. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? > > The attribution reporting feature will be supported on all platforms with > the exception of Android WebView > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? > > Yes > > Estimated milestones > > This feature is anticipated to ship as part of Chrome 126. > <https://chromiumdash.appspot.com/schedule> > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5204901830590464 > > Links to previous Intent discussions > > Previous I2S: > > Intent to Ship: Attribution Reporting API > <https://groups.google.com/a/chromium.org/g/blink-dev/c/2Rmj5V6FSaY> > > Intent to Ship: Attribution Reporting features M117 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/nWF61c8xu-M/m/uMmH1ewcAQAJ> > > Intent to Ship: Attribution Reporting features M118 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/Mh-mJiyJZFk/m/HlgzpphYBQAJ> > > Intent to Ship: Attribution Reporting features M119 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/6e44SBtEtcQ> > > Intent to Ship: Attribution Reporting features M120 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/jSk3xpNPzGQ/m/VZPsdYgGCAAJ> > > Intent to Ship: Attribution Reporting features M121 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/g9KiC6Rg_mA/m/V679WcWuAQAJ> > > Intent to Ship: Attribution Reporting features M123 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/NE7VGke1Bjc/m/bIX00t4CAAAJ> > > Intent to Ship: Attribution Reporting features M124 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/aregp1li6xk/m/IhBB2z8tBQAJ> > > Intern to Ship: Attribution Reporting features M125 > <https://groups.google.com/a/chromium.org/g/blink-dev/c/9UyhI6SRyxM/m/zgWWckgWAQAJ> > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c1897a01-ad86-492a-8cac-e6c0033be278n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c1897a01-ad86-492a-8cac-e6c0033be278n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra__h3rBBSf_KFv4u92sC_LX%3DDVT4YKLdPdYvvwREHvsFA%40mail.gmail.com.