Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow setting automatic beacon data from cross-origin subframes. #49960

Merged
merged 1 commit into from
Jan 7, 2025
Merged

Allow setting automatic beacon data from cross-origin subframes. #49960

merged 1 commit into from
Jan 7, 2025
+191 −12

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Jan 7, 2025
edited
Loading

Cross-origin fenced frames/URN iframes can send automatic reporting
beacons, but currently require data included in these beacons to be
pre-registered via an API call accessible only to a document that is
same-origin to the fenced frame config's mapped URL. This poses a
problem for cross-origin subframes within the same entity (e.g., an ad
frame and a payment subframe from the same company) that need to include
dynamic data, like click information, in the beacon. The current
workaround involves cumbersome postMessage communication and introduces
potential timing issues, highlighting the need for a more practical
solution for cross-origin subframes to set their own beacon data.

This CL relaxes that restriction and lets cross-origin documents set
automatic beacon data as well as use it. This is subject to the same
kinds of opt ins as other cross-origin FFAR features. Namely, the root
frame must opt in via the "Allow-Fenced-Frame-Automatic-Beacons" header,
and the cross-origin subframe setting the data must opt in via the
'crossOriginExposed' parameter in the call to setReportEvent...().

See: WICG/fenced-frame#185

Change-Id: Iea922e737fa870f2edf0c24aa81927535f779d8b
Bug: 382500834
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6074470
Reviewed-by: Andrew Verge <[email protected]>
Reviewed-by: Dominic Farolino <[email protected]>
Commit-Queue: Liam Brady <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1403202}

@chromium-wpt-export-bot chromium-wpt-export-bot marked this pull request as ready for review January 7, 2025 21:02
@chromium-wpt-export-bot
Allow setting automatic beacon data from cross-origin subframes.
b99f6ed 
Cross-origin fenced frames/URN iframes can send automatic reporting
beacons, but currently require data included in these beacons to be
pre-registered via an API call accessible only to a document that is
same-origin to the fenced frame config's mapped URL. This poses a
problem for cross-origin subframes within the same entity (e.g., an ad
frame and a payment subframe from the same company) that need to include
dynamic data, like click information, in the beacon. The current
workaround involves cumbersome postMessage communication and introduces
potential timing issues, highlighting the need for a more practical
solution for cross-origin subframes to set their own beacon data.

This CL relaxes that restriction and lets cross-origin documents set
automatic beacon data as well as use it. This is subject to the same
kinds of opt ins as other cross-origin FFAR features. Namely, the root
frame must opt in via the "Allow-Fenced-Frame-Automatic-Beacons" header,
and the cross-origin subframe setting the data must opt in via the
'crossOriginExposed' parameter in the call to setReportEvent...().

See: WICG/fenced-frame#185

Change-Id: Iea922e737fa870f2edf0c24aa81927535f779d8b
Bug: 382500834
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6074470
Reviewed-by: Andrew Verge <[email protected]>
Reviewed-by: Dominic Farolino <[email protected]>
Commit-Queue: Liam Brady <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1403202}
wpt-pr-bot
wpt-pr-bot approved these changes Jan 7, 2025
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Chromium project.

@chromium-wpt-export-bot chromium-wpt-export-bot merged commit 0a499ef into master Jan 7, 2025
18 checks passed
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-6074470 branch January 7, 2025 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees
No one assigned
Labels
chromium-export fenced-frame wg-cg_wicg
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chromium-wpt-export-bot @wpt-pr-bot