Explainer for cross-origin trusted signals #1156
Conversation
Just documenting the fields for now + section.
FLEDGE.md
Outdated
| } | ||
| ``` | ||
|
|
||
| Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by the |
There was a problem hiding this comment.
This is true in the case where the publisher is invoking runAdAuction and is the top-level seller. But otherwise, sellers are providing & operating the TSS url.
There was a problem hiding this comment.
It's still in context of the publisher page, and thus not really having the full trust of the seller's origin though?
| a [structured headers list of strings](https://www.rfc-editor.org/rfc/rfc8941) describing origins | ||
| fetching trusted signals from which is permitted. The trusted scoring signals fetch may not begin | ||
| until this header is received, in order to avoid leaking bid information to a third party. | ||
| This means using a cross-origin trusted server for seller information may carry a peformance |
There was a problem hiding this comment.
This means using a cross-origin trusted server for seller information may carry a peformance penalty.
I anticipate that a common seller use case will be a TSS URL that is same-site with the scoring logic URL. Must this case incur the penalty?
There was a problem hiding this comment.
question: given that the original cross-origin fetch is CORS-based, how does Access-Control-Max-Age come into play here? In other words, can we provide a mechanism to cache this granting of cross-site access? As @dmdabbs correctly noted, the use case envisioned is a seller using different sub-domains from the same eTLD+1, and to avoid additional performance penalties as a result of this.
There was a problem hiding this comment.
Or, better yet, for those "cross-origin" sharing eLTD+1, is there a way to avoid this penalty entirely?
There was a problem hiding this comment.
Hmm, I need to figure out who to discuss this with. Your concern is eminently reasonable, but also generally it feels like web platform has been trying to be more origin than eTLD+1 based.
I think Access-Control-Max-Age doesn't come in at all since the signals fetch doesn't need a preflight, though I guess you're suggesting that the script headers sort of play the same role?
There was a problem hiding this comment.
I'm trying to better understand if we have pay this penalty on each auction, and if so, how to avoid it -- my comment about CORS was simply that we're borrowing those ACAO concepts.
There was a problem hiding this comment.
On today's WICG meeting, it was mentioned that perhaps the pre-connect may still begin, but it's the fetch() itself that is gated -- can we clarify?
There was a problem hiding this comment.
Preconnect should still work, only the load is gated, yes. (I should probably test that, though; this is based on staring at the code really hard).
| In case of bidder signals, the following changes occur: | ||
| 1. The fetch is a cross-origin CORS fetch with `Origin:` set to the buyer script's origin. | ||
| 2. The value is passed to `crossOriginTrustedSignals` parameter, not the `trustedBiddingSignals` | ||
| parameter, and there is one more level of nesting denoting the server's origin, e.g: |
There was a problem hiding this comment.
question: Is there a benefit to this level of nesting, rather than simply another parameter indicating the origin / domain of the scoring signals?
There was a problem hiding this comment.
It's a bit harder to forget to check? (And also less parameters)
There was a problem hiding this comment.
harder to forget to check?
One is already explicitly checking the alternate signals parameter so that should already be priced in, so to speak.
There was a problem hiding this comment.
I was thinking in terms of having code do stuff like:
trustedSignals = trustedBiddingSignals || crossOriginTrustedSignals["kv-server.mydomain.com"];
...which simply can't access an unexpected domain.
FLEDGE.md
Outdated
| } | ||
| ``` | ||
|
|
||
| Note that older version of Chrome did not support cross-origin trusted signals. You can query |
There was a problem hiding this comment.
question: from a seller's perspective, we won't really have access to an environment where this can be queried before the auctionConfig is returned... so how will we know when to leverage this new behaviour?
There was a problem hiding this comment.
I guess it would require whatever script that bootstraps you to pass that in?
I wonder if "give me an entire table of settings" alternative to queryFeatureSupport would be helpful here, though I worry it may eventually get rather large.
There was a problem hiding this comment.
Indeed, this is something that we've been floating on the Prebid.js side for precisely this reason.
There was a problem hiding this comment.
So I just landed support for queryFeatureSupport('*') which returns a dictionary with all the features that queryFeatureSupport knows about. Explain update (to the feature detection file) is going to come shortly, just in process of going through the comments here...
| ## Getting browser-side detectable features as an object | ||
| Sometimes it's desirable to get status of all features detectable via `queryFeatureSupport` in a | ||
| forward-compatible way. Sufficiently recent versions provide this functionality via | ||
| `queryFeatureSupport('*')`, which returns a dictionary describing state of various features. Since |
There was a problem hiding this comment.
a feature request in prebid exists to put the results of this in payloads. Are there any assurances this object won't grow beyond some reasonable size, eg 12 items?
There was a problem hiding this comment.
I think this list continue to will grow, but, as discussed in a couple of the recent WICG calls, there are various things we can do to limit it's growth. I think one solution was to pass in a Chrome version, which in turn would make the API only inform you of features that are experimentally enabled beyond what that particular version of Chrome Stable supports by default.
FLEDGE.md
Outdated
| Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by the | ||
| publisher, not the seller: |
There was a problem hiding this comment.
| Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by the | |
| publisher, not the seller: | |
| Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by a | |
| context that is not required to be same-origin with the seller: |
FLEDGE.md
Outdated
| 4. The data version is passed in `browserSignals.crossOriginDataVersion`, not | ||
| `browserSignals.dataVersion`. | ||
|
|
||
| Note that older version of Chrome did not support cross-origin trusted signals. You can query |
There was a problem hiding this comment.
| Note that older version of Chrome did not support cross-origin trusted signals. You can query | |
| Note that older versions of Chrome did not support cross-origin trusted signals. You can query |
SHA: 38d3b02 Reason: push, by michaelkleber Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Please note that the implementation of this isn't complete yet!