diff --git a/spec.bs b/spec.bs
index 7d580e4..4f0ab56 100644
--- a/spec.bs
+++ b/spec.bs
@@ -1146,6 +1146,9 @@ A fenced frame config is a [=struct=] with the following [=str
: is ad component
:: A [=boolean=]. Defaulting to false.
+
+ : cross-origin reporting allowed
+ :: A [=boolean=]. Defaulting to false.
Note: When true, this [=fenced frame config=] reprsents an ad component. An ad component can be
@@ -1199,6 +1202,9 @@ A fenced frame config instance is a [=struct=] with the follow
: is ad component
:: A [=boolean=], initially false.
+
+ : cross-origin reporting allowed
+ :: A [=boolean=]. Defaulting to false.
@@ -1283,6 +1289,9 @@ A fenced frame config instance is a [=struct=] with the follow
: [=fenced frame config instance/is ad component=]
:: |config|'s [=fenced frame config/is ad component=]
+
+ : [=fenced frame config instance/cross-origin reporting allowed=]
+ :: |config|'s [=fenced frame config/cross-origin reporting allowed=]
Each [=browsing context=] has a fenced frame config instance,
@@ -1490,22 +1499,30 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
};
dictionary FenceEvent {
- // This dictionary has two mutually exclusive modes that aren't represented as
- // distinct IDL types due to distinguishability issues:
- //
- // When reporting to a preregistered destination (specified by enum), the following
- // properties are used:
+ // This dictionary has two mutually exclusive modes:
+
+ // When reporting to a preregistered destination (specified by enum), the
+ // following properties are used:
DOMString eventType;
DOMString eventData;
sequence<FenceReportingDestination> destination;
-
+
+ // Determines if this data can be sent in a reportEvent() beacon or automatic
+ // beacon that originates from a document that is cross-origin to the mapped
+ // URL of the fenced frame config that loaded this frame tree.
+ // Note that automatic beacon data can only be set from documents that are
+ // same-origin to the fenced frame config's mapped URL, so this effectively
+ // opts in the data to being used in a cross-origin subframe.
+ boolean crossOriginExposed = false;
+
// When setting event data to be used later in an automatic beacon, the
// following properties are used:
+ // Determines if the beacon data will be used for only the next automatic
+ // beacon event, or if it will be reused for all subsequent automatic beacons.
boolean once = false;
- boolean crossOriginExposed = false;
- // When reporting to a custom destination URL (with substitution of macros defined by
- // the Protected Audience buyer), the following property is used:
+ // When reporting to a custom destination URL (with substitution of macros
+ // defined by the buyer), the following property is used:
USVString destinationURL;
};
@@ -1529,19 +1546,31 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
1. If |instance|'s [=fenced frame config instance/is ad component=] is true, then return.
- 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s
- [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then
- return.
-
1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return.
- 1. If |event| is a {{DOMString}}, run [=report a private aggregation event=] using |instance|'s
- [=fenced frame config instance/fenced frame reporter=] with |event|.
+ 1. If |event| is a {{DOMString}}:
+
+ 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and
+ |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
+ origin=], then return.
+
+ 1. Run [=report a private aggregation event=] using |instance|'s [=fenced frame config
+ instance/fenced frame reporter=] with |event|.
1. If |event| is a {{FenceEvent}}:
1. If |event|'s {{FenceEvent/eventType}} [=string/starts with=] "`reserved.`", then return.
+ 1. If all of the following conditions are true:
+
+ * the [=relevant settings object=]'s [=environment settings object/origin=] and
+ |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same
+ origin=];
+ * either |event|'s {{FenceEvent/crossOriginExposed}} is false or |instance|'s
+ [=fenced frame config instance/cross-origin reporting allowed=] is false;
+
+ then return.
+
1. If |event| has a {{FenceEvent/destinationURL}}:
1. If |event| has a {{FenceEvent/destination}} or a {{FenceEvent/eventType}} or a
{{FenceEvent/eventData}}:
@@ -1595,6 +1624,17 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface.
/fenced-frame/fence-report-event.https.html
/fenced-frame/fence-report-event-destination-url.https.html
+ /fenced-frame/fence-report-event-cross-origin-content-initiated.https.html
+ /fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html
+ /fenced-frame/fence-report-event-cross-origin-nested.https.html
+ /fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html
+ /fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html
+ /fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html
+ /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html
+ /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html
+ /fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html
+ /fenced-frame/fence-report-event-cross-origin.https.html
+ /fenced-frame/fence-report-event-sub-fencedframe.https.html
@@ -2653,6 +2693,11 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le
1. Set |config|'s [=fenced frame config/embedder shared storage context=] to
|sharedStorageContext|.
+ 1. If |response| is non-null, set |config|'s [=fenced frame config/cross-origin reporting
+ allowed=] to the result of running [=header list/get a structured field value=] on
+ |response|'s [=response/header list=] given
+ "Allow-Cross-Origin-Event-Reporting" and "`item`".
+
1. Set sourceSnapshotParams's [=source snapshot params/target fenced frame
config=] to |config|.