Re: [blink-dev] Intent to Ship: Allow Cross-Origin Subframes to Send Automatic Beacons

Fri, 19 Jan 2024 12:43:43 -0800 

Hi Liam,

On 1/16/24 3:49 PM, 'Liam Brady' via blink-dev wrote:


Contact emails


[email protected] <mailto:[email protected]>, [email protected] 
<mailto:[email protected]>, [email protected] 
<mailto:[email protected]>



Explainer(s)


https://github.com/WICG/turtledove/pull/904 
<https://github.com/WICG/turtledove/pull/904>



Spec(s)


https://github.com/WICG/fenced-frame/pull/133 
<https://github.com/WICG/fenced-frame/pull/133>



Summary


As part of the Privacy Sandbox experiment, we introduced a way for 
beacons to be sent automatically if a top-level navigation is 
initiated from within an ad frame 
<https://github.com/WICG/turtledove/blob/main/Fenced_Frames_Ads_Reporting.md#registeradbeacon-1>. 
At the time, we restricted this feature to frames and subframes that 
were same-origin to the root ad frame. However, there is a use case 
that this is not able to handle. With third-party ad serving (3PAS), 
the actual contents of the ad (including links/click handlers) are 
loaded in a cross-origin subframe. Because it is cross-origin, the 
frame does not get access to the automatic beacon API, and therefore 
is not able to report a top-level navigation when a user clicks on the ad.




A cross-origin subframe can now opt in to sending automatic beacons by 
setting a new response header: "Allow-Fenced-Frame-Automatic-Beacons". 
The cross-origin frame still cannot set automatic beacon data; 
instead, the main ad frame will set the automatic beacon data, but opt 
in to having the data be used for cross-origin automatic beacons using 
a new "crossOrigin=true" parameter. When these 2 criteria are met, the 
cross-origin subframe will send an automatic beacon when a top-level 
navigation happens.



Is "crossOrigin=true" different than the "crossOriginExposed" boolean 
defined in the spec? Or just a typo?



Another question: is there any reason you chose to create a new HTTP 
header, rather than use something like Permissions-Policy? (Maybe that's 
not supported for fenced frames?)





This feature will also fix a separate issue 
<https://github.com/WICG/turtledove/pull/808#issuecomment-1721411495>brought 
up externally and allow for ad components to opt into sending 
automatic beacons without needing to invoke 
setReportEventDataForAutomaticBeacons(); they instead will just need 
to supply the "Allow-Fenced-Frame-Automatic-Beacons" response header. 
This will not remove the existing way for ad components to opt into 
sending beacons.



Blink component


Blink>FencedFrames 
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EFencedFrames>



TAG reviews and status


Fenced frames existing TAG review appended with these spec changes 
https://github.com/w3ctag/design-reviews/issues/838# 
<https://github.com/w3ctag/design-reviews/issues/838#issuecomment-1792881253>



Link to Origin Trial feedback summary

No Origin Trial performed



Is this feature supported on all six Blink platforms (Windows, Mac, 
Linux, Chrome OS, Android, and Android WebView)?


Supported on all the above platforms except Android WebView.


Debuggability


Additional debugging capabilities are not necessary for these feature 
changes.



Risks


Compatibility

This is an added functionality and is backward compatible.


Interoperability


There are no interoperability risks as no other browsers have decided 
to implement these features yet.




Is this feature fully tested by web-platform-tests 
<https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>? 
Link to test suite results from wpt.fyi <https://wpt.fyi>.



Yes. New automatic beacon tests have been added to test cross-origin 
beacons.



automatic-beacon-cross-origin-false.https.html (test 
<https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/automatic-beacon-cross-origin-false.https.html>) 
(results 
<https://wpt.fyi/results/fenced-frame/automatic-beacon-cross-origin-false.https.html>)



automatic-beacon-cross-origin-navigation.https.html (test 
<https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/automatic-beacon-cross-origin-navigation.https.html>) 
(results 
<https://wpt.fyi/results/fenced-frame/automatic-beacon-cross-origin-navigation.https.html>)



automatic-beacon-cross-origin-no-data.https.html (test 
<https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/automatic-beacon-cross-origin-no-data.https.html>) 
(results 
<https://wpt.fyi/results/fenced-frame/automatic-beacon-cross-origin-no-data.https.html>)



automatic-beacon-cross-origin-no-opt-in.https.html (test 
<https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/automatic-beacon-cross-origin-no-opt-in.https.html>) 
(results 
<https://wpt.fyi/results/fenced-frame/automatic-beacon-cross-origin-no-opt-in.https.html>)



automatic-beacon-use-ancestor-data.https.html (test 
<https://github.com/web-platform-tests/wpt/blob/master/fenced-frame/automatic-beacon-use-ancestor-data.https.html>) 
(results 
<https://wpt.fyi/results/fenced-frame/automatic-beacon-use-ancestor-data.https.html>)



WPT directory for Fenced Frames: 
https://github.com/web-platform-tests/wpt/tree/master/fenced-frame 
<https://github.com/web-platform-tests/wpt/tree/master/fenced-frame>



Anticipated spec changes

None


Link to entry on the Chrome Platform Status


https://chromestatus.com/feature/5179499557945344 
<https://chromestatus.com/feature/5179499557945344>



Links to previous Intent discussions


Intent to prototype: 
https://groups.google.com/a/chromium.org/g/blink-dev/c/Ko9UXQYPgUE/m/URRsB-qvAAAJ 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/Ko9UXQYPgUE/m/URRsB-qvAAAJ>



Intent to experiment: 
https://groups.google.com/a/chromium.org/g/blink-dev/c/y6G3cvKXjlg/m/Lcpmpi_LAgAJ 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/y6G3cvKXjlg/m/Lcpmpi_LAgAJ>


Intent to ship:


https://groups.google.com/a/chromium.org/g/blink-dev/c/tpw8wW0VenQ/m/mePLTiHlDQAJ 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/tpw8wW0VenQ/m/mePLTiHlDQAJ>





--

You received this message because you are subscribed to the Google 
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d33531b6-bc29-4951-ab8b-3b58880568den%40chromium.org 
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d33531b6-bc29-4951-ab8b-3b58880568den%40chromium.org?utm_medium=email&utm_source=footer>.


--
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a4125129-82f4-4328-9c94-0a02b16083db%40chromium.org.






















					Reply via email to