Explainer change for separate rate-limits for embedded site #1457

Open
wants to merge 8 commits into
base: main
Changes from 5 commits
5 changes: 5 additions & 0 deletions EVENT.md
Expand Up @@ -980,6 +980,11 @@ were reported.

In order to achieve the privacy goals listed above the API has various rate limits, which can be found [here](https://github.com/WICG/attribution-reporting-api/blob/main/params/chromium-params.md) for Chromium.

Note: Browsers may choose to allow separate limits, e.g. storage limit,
rate-limits, and destination limits, for the embedded site/origin for specific
use cases (for example, [AMP](https://amp.dev) pages rendered by an AMP
cache/viewer provider).

### Trigger Data

Trigger data, e.g. advertiser-side data, is extremely important for critical use
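
Review bot: The added note leaves "embedded site/origin" undefined and does not say how the browser determines it. The paragraph directly above ties these limits to the API's privacy goals, so the note should state that the embedded site is established by the user agent itself, not asserted by the embedded page or its embedder, and it should pick either "site" or "origin" as the key for the separate limits. Also, "e.g. storage limit, rate-limits, and destination limits" reads as an open-ended list; say whether every limit may be split or only these three.
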
10 changes: 8 additions & 2 deletions index.bs
Expand Up @@ -1875,8 +1875,14 @@ To <dfn>check if cookie-based debugging is allowed</dfn> given a

<h3 algorithm id="obtaining-context-origin">Obtaining context origin</h3>

To obtain the <dfn export for=node>context origin</dfn> of a [=node=] |node|, return |node|'s [=node navigable=]'s
[=navigable/top-level traversable=]'s [=navigable/active document=]'s [=origin=].
To obtain the <dfn export for=node>context origin</dfn> of a [=node=] |node|:

1. Optionally, return the embedded origin if it exists.

Collaborator

It'd be helpful for people reading the spec to have some definition of embedded origin here, either in a note or in a link.

Collaborator

Does optionally here mean that different implementations can choose whether they care about embedded origins and still be compliant with the specification?

Collaborator Author

Yes, that is the intention: to leave it defined by the user agent.

Collaborator

I think we should clarify that. Otherwise, it could be interpreted as "some of the time, do this," when it really means that the implementation can choose whether it supports the notion of embedded origins, but if it does, this algorithm should be consistent.

Collaborator Author

It could also apply to the case "some of the time, do this". For example, if we only want to do this for sources but not triggers.

Collaborator

Right, but the point is that the algorithm should be consistent under particular static circumstances. For example, it is not in the spirit of this specification for the implementation to generate a random number to decide whether to return the embedded origin or actual origin.

1. Return |node|'s [=node navigable=]'s [=navigable/top-level traversable=]'s
[=navigable/active document=]'s [=origin=].

Note: The user agent may return the embedded origin to allow separate limits
for specific use cases.

<h3 id="obtaining-randomized-response">Obtaining a randomized response</h3>
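
Review bot: Step 1 ("Optionally, return the embedded origin if it exists.") uses "embedded origin" with no `<dfn>` or link, and the trailing Note restates the step without supplying the missing definition. Suggest defining the term in this section, including that the user agent derives it rather than taking it from content, and replacing "Optionally" with an explicit implementation-defined condition so that the same |node| under the same conditions always yields the same context origin. With that in place the Note can be reduced to the rationale or dropped.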

9 changes: 6 additions & 3 deletions verbose_debugging_reports.md
Expand Up @@ -39,7 +39,9 @@ The `body` will contain the following fields for all source debugging reports:
This will be a string if there was one such site, or a list of strings if
there were multiple.
* `source_event_id`: The source registration's `source_event_id`.
* `source_site`: The top-level site on which the source registration occurred.
* `source_site`: The top-level site, or the embedded site for specific use cases
(for example, [AMP](https://amp.dev) pages rendered by an AMP cache/viewer provider),
on which the source registration occurred.

Additionally:
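
Review bot: With the new `source_site` wording a report consumer cannot tell whether the field holds the top-level site or the embedded site, and "for specific use cases" gives no rule for which one to expect. Suggest stating the condition under which the embedded site is reported, or linking to where it is defined, so the field's meaning is unambiguous to whoever parses the report. Note also that index.bs in this PR speaks of an embedded origin while this field is described as a site; the relationship between the two should be stated.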

Expand Down Expand Up @@ -155,8 +157,9 @@ Additionally:
* If the trigger was attributed to a source, then the `body` will also contain
the following fields:
* `source_event_id`: The source registration's `source_event_id`.
* `source_site`: The top-level site on which the source registration
occurred.
* `source_site`: The top-level site, or the embedded site for specific use cases
(for example, [AMP](https://amp.dev) pages rendered by an AMP cache/viewer provider),
on which the source registration occurred.
* `source_debug_key`: The source registration's `debug_key`, but omitted if
the source registration did not contain a valid `debug_key` or
[cookie-based debugging][] was prohibited.
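
Review bot: The `source_site` description in this list is a word-for-word copy of the one added to the source debugging report fields earlier in the file. Suggest defining it once and referring back to it from here, so the two descriptions cannot drift apart when the embedded-site wording is revised.
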