@@ -58,7 +58,8 @@ spec: RFC8941; urlPrefix: https://httpwg.org/specs/rfc8941.html
58
58
for: structured header
59
59
text: boolean; url: boolean
60
60
text: integer; url: integer
61
- text: boolean; url: boolean
61
+ text: list; url: list
62
+ text:string; url: string
62
63
spec: WebAssembly; urlPrefix: https://webassembly.github.io/spec/core/
63
64
type: dfn
64
65
urlPrefix: appendix/embedding.html
@@ -1061,9 +1062,9 @@ To <dfn>validate and convert auction ad config</dfn> given an {{AuctionAdConfig}
1061
1062
1. If |config|["{{AuctionAdConfig/trustedScoringSignalsURL}}"] [=map/exists=] :
1062
1063
1. Let |trustedScoringSignalsURL| be the result of running the [=URL parser=] on
1063
1064
|config|["{{AuctionAdConfig/trustedScoringSignalsURL}}"] .
1064
- 1. If |trustedScoringSignalsURL| is failure, or it is not [=same origin=] with |auctionConfig |'s
1065
- [=auction config/seller=] , then return failure.
1066
- 1. [=Assert=] : |trustedScoringSignalsURL|'s [=url/scheme=] is "`https`".
1065
+ 1. If |trustedScoringSignalsURL| is failure, or |trustedScoringSignalURL |'s
1066
+ [=url/scheme=] is not "`https`" , then return failure.
1067
+ 1. XXX, this is missing a bunch of checks!
1067
1068
1. Set |auctionConfig|'s [=auction config/trusted scoring signals url=] to
1068
1069
|trustedScoringSignalsURL|.
1069
1070
1. If |config|["{{AuctionAdConfig/maxTrustedScoringSignalsURLLength}}"] [=map/exists=] :
@@ -1889,20 +1890,26 @@ or "component-auction", a [=currency tag=] |componentAuctionExpectedCurrency|, a
1889
1890
[=generated bid/ad component descriptors=] :
1890
1891
1. [=list/Append=] [=URL serializer|serialized=] |adComponentDescriptor|'s [=ad descriptor/url=]
1891
1892
to |adComponentRenderURLs|.
1892
- 1. Let |fullSignalsUrl| be the result of [=building trusted scoring signals url=] with |auctionConfig|'s
1893
- [=auction config/trusted scoring signals url=] , «|renderURL|», |adComponentRenderURLs|,
1894
- |auctionConfig|'s [=auction config/seller experiment group id=] , and |topLevelOrigin|.
1895
-
1896
- Implementations may batch requests by collecting render URLs and ad component render URLs
1897
- from multiple invocations of [=score and rank a bid=] and passing them all to a single invocation
1898
- of [=building trusted scoring signals url=] to get a |scoringSignalsUrl|. By employing this approach,
1899
- the [=string/length=] of [=URL serializer|serialized=] |scoringSignalsUrl| must not exceed the
1900
-
1901
- [=auction config/max trusted scoring signals url length=] of the auction. In cases where the length
1902
- limit is exceeded, the request must be divided into smaller pieces to comply with the length restriction.
1903
- However, note that a single request is always considered valid, regardless of whether its length exceeds
1904
- the auction's [=auction config/max trusted scoring signals url length=] .
1905
-
1893
+ 1. Let |crossOriginTrustedScoringSignalsOrigin| be null.
1894
+ 1. Let |fullSignalsUrl| be null.
1895
+ 1. If |auctionConfig|'s [=auction config/trusted scoring signals url=] is not null:
1896
+ 1. Let |fullSignalsUrl| be the result of [=building trusted scoring signals url=] with |auctionConfig|'s
1897
+ [=auction config/trusted scoring signals url=] , «|renderURL|», |adComponentRenderURLs|,
1898
+ |auctionConfig|'s [=auction config/seller experiment group id=] , and |topLevelOrigin|.
1899
+
1900
+ Implementations may batch requests by collecting render URLs and ad component render URLs
1901
+ from multiple invocations of [=score and rank a bid=] and passing them all to a single invocation
1902
+ of [=building trusted scoring signals url=] to get a |scoringSignalsUrl|. By employing this approach,
1903
+ the [=string/length=] of [=URL serializer|serialized=] |scoringSignalsUrl| must not exceed the
1904
+ [=auction config/max trusted scoring signals url length=] of the auction. In cases where the length
1905
+ limit is exceeded, the request must be divided into smaller pieces to comply with the length restriction.
1906
+ However, note that a single request is always considered valid, regardless of whether its length exceeds
1907
+ the auction's [=auction config/max trusted scoring signals url length=] .
1908
+
1909
+ The network response has to be parsed to pull out the pieces relevant to each
1910
+ [=evaluating a scoring script|evaluation of a scoring script=] .
1911
+
1912
+ <<<<<<< Updated upstream
1906
1913
1907
1914
The network response has to be parsed to pull out the pieces relevant to each
1908
1915
[=evaluating a scoring script|evaluation of a scoring script=] .
@@ -1923,6 +1930,38 @@ or "component-auction", a [=currency tag=] |componentAuctionExpectedCurrency|, a
1923
1930
[=map/exists=] , then [=map/set=] |adComponentRenderURLsValue|[|adComponentRenderURL|] to
1924
1931
|allTrustedScoringSignals|["`adComponentRenderURLs`"][|adComponentRenderURL|] .
1925
1932
1. [=map/Set=] |trustedScoringSignals|["`adComponentRenderURLs`"] to |adComponentRenderURLsValue|.
1933
+ =======
1934
+ These requests may also begin before the script fetch, but requests cross-origin to the
1935
+ script origin must not happen until [:Ad-Auction-Allow-Trusted-Scoring-Signals-From:] header on
1936
+ the script is received, parsed, and determined to authorize such a fetch.
1937
+ 1. If |fullSignalsUrl| is not same [=same origin=] with |auctionConfig|'s [=auction config/seller=] ,
1938
+ then:
1939
+ 1. Set |crossOriginTrustedScoringSignalsOrigin| to |fullSignalsUrl|'s [=url/origin=] .
1940
+ 1. If |allowedCrossOriginTrustedScoringSignals| does not [=list/contain=] |crossOriginTrustedScoringSignalsOrigin|:
1941
+ 1. Set |crossOriginTrustedScoringSignalsOrigin| to null.
1942
+ 1. Set |fullSignalsUrl| to null.
1943
+ 1. Let |sameOriginTrustedScoringSignals| be null.
1944
+ 1. Let |crossOriginTrustedScoringSignals| be null.
1945
+ 1. If |fullSignalsUrl| is not null:
1946
+ 1. Let |trustedScoringSignals| be null.
1947
+ 1. Let «|allTrustedScoringSignals|, ignored, |scoringDataVersion|» be the result of [=fetching
1948
+ trusted signals=] with |fullSignalsUrl|, |auctionConfig|'s [=auction config/seller=] , and false.
1949
+ 1. If |allTrustedScoringSignals| is an [=ordered map=] :
1950
+ 1. Set |trustedScoringSignals| to a new empty [=map=] .
1951
+ 1. [=map/Set=] |trustedScoringSignals|["`renderURL`"] to a new empty [=map=] .
1952
+ 1. If |allTrustedScoringSignals|["`renderURLs`"] [=map/exists=] and
1953
+ |allTrustedScoringSignals|["`renderURLs`"][|renderURL|] [=map/exists=] , then [=map/set=] |trustedScoringSignals|["`renderURL`"][|renderURL|] to
1954
+ |allTrustedScoringSignals|["`renderURLs`"][|renderURL|] .
1955
+ 1. If |adComponentRenderURLs| is not [=list/empty=] :
1956
+ 1. Let |adComponentRenderURLsValue| be a new empty [=map=] .
1957
+ 1. If |allTrustedScoringSignals|["`adComponentRenderURLs`"] [=map/exists=] , [=set/for each=]
1958
+ |adComponentRenderURL| in |adComponentRenderURLs|:
1959
+ 1. If |allTrustedScoringSignals|["`adComponentRenderURLs`"][|adComponentRenderURL|]
1960
+ [=map/exists=] , then [=map/set=] |adComponentRenderURLsValue|[|adComponentRenderURL|] to
1961
+ |allTrustedScoringSignals|["`adComponentRenderURLs`"][|adComponentRenderURL|] .
1962
+ 1. [=map/Set=] |trustedScoringSignals|["`adComponentRenderURLs`"] to |adComponentRenderURLsValue|.
1963
+ 1. XXX --- cross or main. Do not wrap null. Actually, is that OK in the other case?
1964
+ >>>>>>> Stashed changes
1926
1965
1. Let |adMetadata| be |generatedBid|'s [=generated bid/ad=] .
1927
1966
1. Let |bidValue| be |generatedBid|'s [=generated bid/bid=] .
1928
1967
1. If |generatedBid|'s [=generated bid/modified bid=] is not null, then set |bidValue| to
@@ -1944,7 +1983,11 @@ or "component-auction", a [=currency tag=] |componentAuctionExpectedCurrency|, a
1944
1983
<dd> The result of [=serializing a currency tag=] with |generatedBid|'s [=generated bid/bid=]' s
1945
1984
[=bid with currency/currency=]
1946
1985
<dt> {{ScoringBrowserSignals/dataVersion}}
1947
- <dd> |scoringDataVersion| if it is not null, {{undefined}} otherwise
1986
+ <dd> |scoringDataVersion| if it is not null and |crossOriginTrustedScoringSignalsOrigin| is null,
1987
+ unset otherwise.
1988
+ <dt> {{ScoringBrowserSignals/crossOriginDataVersion}}
1989
+ <dd> |scoringDataVersion| if it is not null and |crossOriginTrustedScoringSignalsOrigin| is not
1990
+ null, unset otherwise.
1948
1991
<dt> {{ScoringBrowserSignals/adComponents}}
1949
1992
<dd> |generatedBid|'s [=generated bid/ad component descriptors=] [=converted to a string sequence=]
1950
1993
<dt> {{ScoringBrowserSignals/forDebuggingOnlyInCooldownOrLockout}}
@@ -2123,6 +2166,9 @@ To <dfn>validate fetching response</dfn> given a [=response=] |response|, null,
2123
2166
1. Return true.
2124
2167
</div>
2125
2168
2169
+ The <dfn http-header><code>Ad-Auction-Allow-Trusted-Scoring-Signals-From</code></dfn> HTTP response header is a
2170
+ [=structured header=] whose value must be a [=structured header/list=] of [=structured header/strings=] .
2171
+
2126
2172
<div algorithm>
2127
2173
To <dfn>fetch script</dfn> given a [=URL=] |url|:
2128
2174
1. Let |request| be a new [=request=] with the following properties:
@@ -4891,6 +4937,7 @@ dictionary ScoringBrowserSignals {
4891
4937
required DOMString bidCurrency;
4892
4938
4893
4939
unsigned long dataVersion;
4940
+ unsigned long crossOriginDataVersion;
4894
4941
sequence<USVString> adComponents;
4895
4942
boolean forDebuggingOnlyInCooldownOrLockout = false;
4896
4943
};
@@ -5245,10 +5292,6 @@ An <dfn>auction config</dfn> is a [=struct=] with the following [=struct/items=]
5245
5292
Provide a mechanism for making real-time data (information about a specific [=ad creative=] )
5246
5293
available for use at [=evaluate a scoring script|scoring=] time, e.g. the results of some ad
5247
5294
scanning system.
5248
- <p class="note">
5249
- When non-null, the [=auction config/trusted scoring signals url=] 's [=origin=] will always be
5250
- [=same origin=] with [=auction config/seller=] .
5251
- </p>
5252
5295
: <dfn>max trusted scoring signals url length</dfn>
5253
5296
:: A {{long}} integer, initially 0. Indicates the maximum trusted scoring signals fetch url length
5254
5297
for the auction config. 0 means no limit.
0 commit comments