-
Notifications
You must be signed in to change notification settings - Fork 216
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explainer for cross-origin trusted signals #1156
Conversation
Just documenting the fields for now + section.
FLEDGE.md
Outdated
} | ||
``` | ||
|
||
Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is true in the case where the publisher is invoking runAdAuction and is the top-level seller. But otherwise, sellers are providing & operating the TSS url.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's still in context of the publisher page, and thus not really having the full trust of the seller's origin though?
a [structured headers list of strings](https://www.rfc-editor.org/rfc/rfc8941) describing origins | ||
fetching trusted signals from which is permitted. The trusted scoring signals fetch may not begin | ||
until this header is received, in order to avoid leaking bid information to a third party. | ||
This means using a cross-origin trusted server for seller information may carry a peformance |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This means using a cross-origin trusted server for seller information may carry a peformance penalty.
I anticipate that a common seller use case will be a TSS URL that is same-site with the scoring logic URL. Must this case incur the penalty?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: given that the original cross-origin fetch is CORS-based, how does Access-Control-Max-Age
come into play here? In other words, can we provide a mechanism to cache this granting of cross-site access? As @dmdabbs correctly noted, the use case envisioned is a seller using different sub-domains from the same eTLD+1, and to avoid additional performance penalties as a result of this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or, better yet, for those "cross-origin" sharing eLTD+1, is there a way to avoid this penalty entirely?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I need to figure out who to discuss this with. Your concern is eminently reasonable, but also generally it feels like web platform has been trying to be more origin than eTLD+1 based.
I think Access-Control-Max-Age doesn't come in at all since the signals fetch doesn't need a preflight, though I guess you're suggesting that the script headers sort of play the same role?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm trying to better understand if we have pay this penalty on each auction, and if so, how to avoid it -- my comment about CORS was simply that we're borrowing those ACAO concepts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On today's WICG meeting, it was mentioned that perhaps the pre-connect may still begin, but it's the fetch() itself that is gated -- can we clarify?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Preconnect should still work, only the load is gated, yes. (I should probably test that, though; this is based on staring at the code really hard).
In case of bidder signals, the following changes occur: | ||
1. The fetch is a cross-origin CORS fetch with `Origin:` set to the buyer script's origin. | ||
2. The value is passed to `crossOriginTrustedSignals` parameter, not the `trustedBiddingSignals` | ||
parameter, and there is one more level of nesting denoting the server's origin, e.g: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: Is there a benefit to this level of nesting, rather than simply another parameter indicating the origin / domain of the scoring signals?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a bit harder to forget to check? (And also less parameters)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
harder to forget to check?
One is already explicitly checking the alternate signals parameter so that should already be priced in, so to speak.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking in terms of having code do stuff like:
trustedSignals = trustedBiddingSignals || crossOriginTrustedSignals["kv-server.mydomain.com"];
...which simply can't access an unexpected domain.
FLEDGE.md
Outdated
} | ||
``` | ||
|
||
Note that older version of Chrome did not support cross-origin trusted signals. You can query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: from a seller's perspective, we won't really have access to an environment where this can be queried before the auctionConfig
is returned... so how will we know when to leverage this new behaviour?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess it would require whatever script that bootstraps you to pass that in?
I wonder if "give me an entire table of settings" alternative to queryFeatureSupport would be helpful here, though I worry it may eventually get rather large.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed, this is something that we've been floating on the Prebid.js side for precisely this reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I just landed support for queryFeatureSupport('*') which returns a dictionary with all the features that queryFeatureSupport knows about. Explain update (to the feature detection file) is going to come shortly, just in process of going through the comments here...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
... And pushed.
## Getting browser-side detectable features as an object | ||
Sometimes it's desirable to get status of all features detectable via `queryFeatureSupport` in a | ||
forward-compatible way. Sufficiently recent versions provide this functionality via | ||
`queryFeatureSupport('*')`, which returns a dictionary describing state of various features. Since |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a feature request in prebid exists to put the results of this in payloads. Are there any assurances this object won't grow beyond some reasonable size, eg 12 items?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this list continue to will grow, but, as discussed in a couple of the recent WICG calls, there are various things we can do to limit it's growth. I think one solution was to pass in a Chrome version, which in turn would make the API only inform you of features that are experimentally enabled beyond what that particular version of Chrome Stable supports by default.
FLEDGE.md
Outdated
Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by the | ||
publisher, not the seller: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by the | |
publisher, not the seller: | |
Seller signals have additional requirements, as the `trustedScoringSignalsURL` is provided by a | |
context that is not required to be same-origin with the seller: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
FLEDGE.md
Outdated
4. The data version is passed in `browserSignals.crossOriginDataVersion`, not | ||
`browserSignals.dataVersion`. | ||
|
||
Note that older version of Chrome did not support cross-origin trusted signals. You can query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that older version of Chrome did not support cross-origin trusted signals. You can query | |
Note that older versions of Chrome did not support cross-origin trusted signals. You can query |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
SHA: 38d3b02 Reason: push, by michaelkleber Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Please note that the implementation of this isn't complete yet!