You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The topics a request is allowed to see can change within its redirect chain. For example, different caller domains may receive different topics, as the callers can only get the topics about the sites they were on. The timestamp can also affect the candidate epochs where the topics are derived from, thus resulting in different topics across redirects.
564
564
</p>
565
-
1. Let |initiatorWindow| be |request|'s [=request/window=].
566
565
1. Let |requestOrigin| be |request|'s [=request/URL=]'s [=url/origin=].
567
566
1. If |requestOrigin| is not a [=potentially trustworthy origin=], then return.
568
-
1. If |initiatorWindow| is not an [=environment settings object=], then return.
569
-
1. If |initiatorWindow| is not a [=secure context=], then return.
567
+
1. Let |client| be |request|'s [=request/client=].
568
+
1. If |client| is not an [=environment settings object=], then return.
569
+
1. If |client|'s [=environment settings object/global object=] is not a {{Window}} object, then return.
570
+
1. If |client| is not a [=secure context=], then return.
570
571
1. For each feature |f| in « "<code>browsing-topic</code>", "<code>interest-cohort</code>" »:
571
572
1. Run the <a href="https://www.w3.org/TR/permissions-policy-1/#algo-should-request-be-allowed-to-use-feature">Should request be allowed to use feature?</a> algorithm with <var ignore=''>feature</var> set to |f| and <var ignore=''>request</var> set to |request|. If the algorithm returns false, then return.
572
573
573
574
Note: the above algorithm should include the <a href="https://github.com/w3c/webappsec-permissions-policy/pull/499">pending update</a>, i.e. the |request| should be considered to contain the equivalent opt-in flags for both "browsing-topic" and the "interest-cohort" feature.
574
-
1. Let |topLevelDocument| be |initiatorWindow|'s [=environment settings object/global object=]'s [=Window/navigable=]'s [=navigable/top-level traversable=]'s [=navigable/active document=].
575
+
1. Let |topLevelDocument| be |client|'s [=environment settings object/global object=]'s [=Window/navigable=]'s [=navigable/top-level traversable=]'s [=navigable/active document=].
575
576
1. Let |topicsCallerContext| be a [=topics caller context=] with default initial field values.
576
577
1. Set |topicsCallerContext|'s [=topics caller context/caller domain=] to |requestOrigin|'s [=origin/host=]'s [=host/registrable domain=].
577
578
1. Set |topicsCallerContext|'s [=topics caller context/top level context domain=] to |topLevelDocument|'s [=Document/origin=]'s [=origin/host=]'s [=host/registrable domain=].
To <dfn>handle topics response</dfn>, given a [=response=] |response| and a [=request=] request:
666
667
1. If |request|'s [=request/header list=] does not [=list/contain=] [:Sec-Browsing-Topics:] (implying the |request|'s [=request/current URL=] is not eligible for topics), then return.
667
-
1. Let |topLevelDocument| be |request|'s [=request/window=]'s [=environment settings object/global object=]'s [=Window/navigable=]'s [=navigable/top-level traversable=]'s [=navigable/active document=].
668
+
1. Let |topLevelDocument| be |request|'s [=request/client=]'s [=environment settings object/global object=]'s [=Window/navigable=]'s [=navigable/top-level traversable=]'s [=navigable/active document=].
668
669
1. Let |callerOrigin| be |request|'s [=request/current URL=]'s [=url/origin=].
669
670
1. If the user preference setting or other user agent-defined mechanisms like <a href="https://github.com/privacysandbox/attestation">enrollment</a> disallows access to topics from |topLevelDocument| given |callerOrigin|, then return.
670
671
1. Let |callerDomain| be |callerOrigin|'s [=origin/host=]'s [=host/registrable domain=].
0 commit comments