start work

spec.bs

@@ -1146,6 +1146,9 @@ A <dfn export>fenced frame config</dfn> is a [=struct=] with the following [=str
 
   : <dfn>is ad component</dfn>
   :: A [=boolean=]. Defaulting to false.
+
+  : <dfn>cross-origin reporting allowed</dfn>
+  :: A [=boolean=]. Defaulting to false.
 </dl>
 
   Note: When true, this [=fenced frame config=] reprsents an ad component. An ad component can be
@@ -1199,6 +1202,9 @@ A <dfn export>fenced frame config instance</dfn> is a [=struct=] with the follow
 
   : <dfn>is ad component</dfn>
   :: A [=boolean=], initially false.
+
+  : <dfn>cross-origin reporting allowed</dfn>
+  :: A [=boolean=]. Defaulting to false.
 </dl>
 
 <div algorithm>
@@ -1283,6 +1289,9 @@ A <dfn export>fenced frame config instance</dfn> is a [=struct=] with the follow
 
     : [=fenced frame config instance/is ad component=]
     :: |config|'s [=fenced frame config/is ad component=]
+
+    : [=fenced frame config instance/cross-origin reporting allowed=]
+    :: |config|'s [=fenced frame config/cross-origin reporting allowed=]
 </div>
 
 Each [=browsing context=] has a <dfn for="browsing context">fenced frame config instance</dfn>,
@@ -1490,22 +1499,30 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
   };
 
   dictionary FenceEvent {
-    // This dictionary has two mutually exclusive modes that aren't represented as
-    // distinct IDL types due to distinguishability issues:
-    //
-    // When reporting to a preregistered destination (specified by enum), the following
-    // properties are used:
+    // This dictionary has two mutually exclusive modes:
+
+    // When reporting to a preregistered destination (specified by enum), the
+    // following properties are used:
     DOMString eventType;
     DOMString eventData;
     sequence&lt;FenceReportingDestination&gt; destination;
-
+
+    // Determines if this data can be sent in a reportEvent() beacon or automatic
+    // beacon that originates from a document that is cross-origin to the mapped
+    // URL of the fenced frame config that loaded this frame tree.
+    // Note that automatic beacon data can only be set from documents that are
+    // same-origin to the fenced frame config's mapped URL, so this effectively
+    // opts in the data to being used in a cross-origin subframe.
+    boolean crossOriginExposed = false;
+
     // When setting event data to be used later in an automatic beacon, the
     // following properties are used:
+    // Determines if the beacon data will be used for only the next automatic
+    // beacon event, or if it will be reused for all subsequent automatic beacons.
     boolean once = false;
-    boolean crossOriginExposed = false;
 
-    // When reporting to a custom destination URL (with substitution of macros defined by
-    // the Protected Audience buyer), the following property is used:
+    // When reporting to a custom destination URL (with substitution of macros
+    // defined by the buyer), the following property is used:
     USVString destinationURL;
   };
 
@@ -1529,19 +1546,31 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
 
   1. If |instance|'s [=fenced frame config instance/is ad component=] is true, then return.
 
-  1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s
-     [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then
-     return.
-
   1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return.
 
-  1. If |event| is a {{DOMString}}, run [=report a private aggregation event=] using |instance|'s
-     [=fenced frame config instance/fenced frame reporter=] with |event|.
+  1. If |event| is a {{DOMString}}:
+
+     1. If the [=relevant settings object=]'s [=environment settings object/origin=] and
+        |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
+        origin=], then return.
+
+     1. Run [=report a private aggregation event=] using |instance|'s [=fenced frame config
+        instance/fenced frame reporter=] with |event|.
 
   1. If |event| is a {{FenceEvent}}:
 
      1. If |event|'s {{FenceEvent/eventType}} [=string/starts with=] "`reserved.`", then return.
 
+     1. If all of the following conditions are true:
+
+        * the [=relevant settings object=]'s [=environment settings object/origin=] and
+          |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
+          origin=];
+        * either |event|'s {{FenceEvent/crossOriginExposed}} is false or |instance|'s
+          [=fenced frame config instance/cross-origin reporting allowed=] is false;   
+
+        then return.
+
      1. If |event| has a {{FenceEvent/destinationURL}}:
         1. If |event| has a {{FenceEvent/destination}} or a {{FenceEvent/eventType}} or a
            {{FenceEvent/eventData}}:
@@ -1595,6 +1624,17 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
   <wpt>
     /fenced-frame/fence-report-event.https.html
     /fenced-frame/fence-report-event-destination-url.https.html
+    /fenced-frame/fence-report-event-cross-origin-content-initiated.https.html 
+    /fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html 
+    /fenced-frame/fence-report-event-cross-origin-nested.https.html 
+    /fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html 
+    /fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html 
+    /fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html 
+    /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html 
+    /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html 
+    /fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html 
+    /fenced-frame/fence-report-event-cross-origin.https.html 
+    /fenced-frame/fence-report-event-sub-fencedframe.https.html 
   </wpt>
 </div>
 
@@ -2653,6 +2693,11 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le
       1. Set |config|'s [=fenced frame config/embedder shared storage context=] to
          |sharedStorageContext|.
 
+      1. If |response| is non-null, set |config|'s [=fenced frame config/cross-origin reporting
+         allowed=] to the result of running [=header list/get a structured field value=] on
+         |response|'s [=response/header list=] given
+         "<code>Allow-Cross-Origin-Event-Reporting</code>" and "`item`".
+
       1. Set <var ignore>sourceSnapshotParams</var>'s [=source snapshot params/target fenced frame
          config=] to |config|.