From 5b2d8c8a00eeee4b598a3d4b4aa4db9d5123b94e Mon Sep 17 00:00:00 2001 From: Liam Brady Date: Wed, 10 Apr 2024 17:49:33 -0400 Subject: [PATCH] start work --- spec.bs | 75 +++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 60 insertions(+), 15 deletions(-) diff --git a/spec.bs b/spec.bs index 7d580e4..4f0ab56 100644 --- a/spec.bs +++ b/spec.bs @@ -1146,6 +1146,9 @@ A fenced frame config is a [=struct=] with the following [=str : is ad component :: A [=boolean=]. Defaulting to false. + + : cross-origin reporting allowed + :: A [=boolean=]. Defaulting to false. Note: When true, this [=fenced frame config=] reprsents an ad component. An ad component can be @@ -1199,6 +1202,9 @@ A fenced frame config instance is a [=struct=] with the follow : is ad component :: A [=boolean=], initially false. + + : cross-origin reporting allowed + :: A [=boolean=]. Defaulting to false.
@@ -1283,6 +1289,9 @@ A fenced frame config instance is a [=struct=] with the follow : [=fenced frame config instance/is ad component=] :: |config|'s [=fenced frame config/is ad component=] + + : [=fenced frame config instance/cross-origin reporting allowed=] + :: |config|'s [=fenced frame config/cross-origin reporting allowed=]
Each [=browsing context=] has a fenced frame config instance, @@ -1490,22 +1499,30 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. }; dictionary FenceEvent { - // This dictionary has two mutually exclusive modes that aren't represented as - // distinct IDL types due to distinguishability issues: - // - // When reporting to a preregistered destination (specified by enum), the following - // properties are used: + // This dictionary has two mutually exclusive modes: + + // When reporting to a preregistered destination (specified by enum), the + // following properties are used: DOMString eventType; DOMString eventData; sequence<FenceReportingDestination> destination; - + + // Determines if this data can be sent in a reportEvent() beacon or automatic + // beacon that originates from a document that is cross-origin to the mapped + // URL of the fenced frame config that loaded this frame tree. + // Note that automatic beacon data can only be set from documents that are + // same-origin to the fenced frame config's mapped URL, so this effectively + // opts in the data to being used in a cross-origin subframe. + boolean crossOriginExposed = false; + // When setting event data to be used later in an automatic beacon, the // following properties are used: + // Determines if the beacon data will be used for only the next automatic + // beacon event, or if it will be reused for all subsequent automatic beacons. boolean once = false; - boolean crossOriginExposed = false; - // When reporting to a custom destination URL (with substitution of macros defined by - // the Protected Audience buyer), the following property is used: + // When reporting to a custom destination URL (with substitution of macros + // defined by the buyer), the following property is used: USVString destinationURL; }; @@ -1529,19 +1546,31 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. 1. If |instance|'s [=fenced frame config instance/is ad component=] is true, then return. - 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and |instance|'s - [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same origin=], then - return. - 1. If |instance|'s [=fenced frame config instance/fenced frame reporter=] is null, then return. - 1. If |event| is a {{DOMString}}, run [=report a private aggregation event=] using |instance|'s - [=fenced frame config instance/fenced frame reporter=] with |event|. + 1. If |event| is a {{DOMString}}: + + 1. If the [=relevant settings object=]'s [=environment settings object/origin=] and + |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same + origin=], then return. + + 1. Run [=report a private aggregation event=] using |instance|'s [=fenced frame config + instance/fenced frame reporter=] with |event|. 1. If |event| is a {{FenceEvent}}: 1. If |event|'s {{FenceEvent/eventType}} [=string/starts with=] "`reserved.`", then return. + 1. If all of the following conditions are true: + + * the [=relevant settings object=]'s [=environment settings object/origin=] and + |instance|'s [=fenced frame config instance/mapped url=]'s [=url/origin=] are not [=same + origin=]; + * either |event|'s {{FenceEvent/crossOriginExposed}} is false or |instance|'s + [=fenced frame config instance/cross-origin reporting allowed=] is false; + + then return. + 1. If |event| has a {{FenceEvent/destinationURL}}: 1. If |event| has a {{FenceEvent/destination}} or a {{FenceEvent/eventType}} or a {{FenceEvent/eventData}}: @@ -1595,6 +1624,17 @@ Several APIs specific to fenced frames are defined on the {{Fence}} interface. /fenced-frame/fence-report-event.https.html /fenced-frame/fence-report-event-destination-url.https.html + /fenced-frame/fence-report-event-cross-origin-content-initiated.https.html + /fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html + /fenced-frame/fence-report-event-cross-origin-nested.https.html + /fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html + /fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html + /fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html + /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html + /fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html + /fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html + /fenced-frame/fence-report-event-cross-origin.https.html + /fenced-frame/fence-report-event-sub-fencedframe.https.html @@ -2653,6 +2693,11 @@ CORP violation report=] algorithm, as leaving it unfenced may cause a privacy le 1. Set |config|'s [=fenced frame config/embedder shared storage context=] to |sharedStorageContext|. + 1. If |response| is non-null, set |config|'s [=fenced frame config/cross-origin reporting + allowed=] to the result of running [=header list/get a structured field value=] on + |response|'s [=response/header list=] given + "Allow-Cross-Origin-Event-Reporting" and "`item`". + 1. Set sourceSnapshotParams's [=source snapshot params/target fenced frame config=] to |config|.