Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add clearOriginJoinedAdInterestGroup to spec.bs #844

Merged
merged 16 commits into from
Oct 26, 2023
Merged

Add clearOriginJoinedAdInterestGroup to spec.bs #844

Changes from 10 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
e6f9c9d
Add clearOriginJoinedAdInterestGroup to spec.bs
MattMenke2 Oct 5, 2023
a1c6a7e
Update spec.bs
MattMenke2 Oct 5, 2023
44cff6d
Update spec.bs
MattMenke2 Oct 5, 2023
e77a7dc
Update spec.bs
MattMenke2 Oct 5, 2023
5cd22de
Update spec.bs
MattMenke2 Oct 5, 2023
56125fb
Update spec.bs
MattMenke2 Oct 5, 2023
0e0a996
Update spec.bs
MattMenke2 Oct 5, 2023
a7aef5f
Update spec.bs
MattMenke2 Oct 12, 2023
bd0d0c9
Update spec.bs
MattMenke2 Oct 12, 2023
af2744c
Update spec.bs
MattMenke2 Oct 17, 2023
283cbd7
Update spec.bs
MattMenke2 Oct 20, 2023
f5ac9b7
Update spec.bs
MattMenke2 Oct 20, 2023
ee2a856
Update spec.bs
MattMenke2 Oct 21, 2023
6ac49ce
Update spec.bs
MattMenke2 Oct 26, 2023
b71e7ba
Merge branch 'main' into MattMenke2-clearOriginJoinedAdInterestGroup
MattMenke2 Oct 26, 2023
79afd0d
Update spec.bs
MattMenke2 Oct 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 51 additions & 3 deletions spec.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,10 @@ spec: Shared Storage API; urlPrefix: https://wicg.github.io/shared-storage
text: shared-storage-select-url; url: #permissionspolicy-shared-storage-select-url
</pre>

<pre class=link-defaults>
spec:infra; type:dfn; text:user agent
</pre>

<style>
/* Put nice boxes around each algorithm. */
[data-algorithm]:not(.heading) {
Expand Down Expand Up @@ -318,7 +322,7 @@ This is detectable because it can change the set of fields that are read from th
1. Let |permission| be the result of [=checking interest group permissions=] with
|interestGroup|'s [=interest group/owner=], |frameOrigin|, and "`join`".
1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a
"{{NotAllowedError}}" {{DOMException}} and do not run the remaining steps.
"{{NotAllowedError}}" {{DOMException}} and abort these steps.
1. [=Queue a task=] to [=resolve=] |p| with `undefined`.
1. If the browser is currently storing an interest group with `owner` and `name` that matches
|interestGroup|, then set the [=interest group/bid counts=],
Expand Down Expand Up @@ -449,6 +453,7 @@ To <dfn>build an interest group permissions url</dfn> given a [=origin=] |ownerO

<h2 id="leaving-interest-groups">Leaving Interest Groups</h2>

<h3 id="leaveadinterestgroup">leaveAdInterestGroup()</h3>
{{Window/navigator}}.{{Navigator/leaveAdInterestGroup()}} removes a user from a particular interest
group.

Expand Down Expand Up @@ -492,7 +497,7 @@ are:
"[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a
"{{NotAllowedError}}" {{DOMException}}.

Note: both joining and leaving interest groups use the "join-ad-interest-group" feature.
Note: Both joining and leaving interest groups use the "join-ad-interest-group" feature.
1. Let |owner| be the result of [=parsing an https origin=] with
|group|["{{AuctionAdInterestGroupKey/owner}}"].
1. If |owner| is failure, [=exception/throw=] a {{TypeError}}.
Expand All @@ -501,14 +506,57 @@ are:
1. Let |permission| be the result of [=checking interest group permissions=] with
|owner|, |frameOrigin|, and "`leave`".
1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a
"{{NotAllowedError}}" {{DOMException}} and do not run the remaining steps.
"{{NotAllowedError}}" {{DOMException}} and abort these steps.
1. [=Queue a task=] to [=resolve=] |p| with `undefined`.
1. [=list/Remove=] [=interest groups=] from the user agent's [=interest group set=] whose
[=interest group/owner=] is |owner| and [=interest group/name=] is |name|.
1. Return |p|.

</div>

<h3 id="clearoriginjoinedAdInterestGroups">clearOriginJoinedAdInterestGroups()</h3>
{{Window/navigator}}.{{Navigator/clearOriginJoinedAdInterestGroups()}} removes a user from
[=interest groups=] whose [=interest group/joining origin=] is the current top level page's
origin.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if this is called in a fenced frame? Why does "top level page" mean there? Basically I'm trying to see if we can link to one of these:

so we can make this more rigorous.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When run in a fenced frame, it behaves exactly like leaveAdInterestGroup() does when passed a non-empty group: It throws. Note that I exactly copied the verbiage for that, so if one is wrong, they both are. I assume the throwing is covered by the 'not allowed to use the "join-ad-interest-group" policy-controlled feature' bit, but could be wrong.

I copied "top level page's origin" from the definition of "joining origin" ("The top level page origin from where the interest group was joined.") - reusing terminology used when defining joining origin when mentioning joining origin seems reasonable to me. If that terminology is wrong, then that definition needs to be updated as well. The doc repeatedly refers to "top-level origin", which may be the term we want? I've replaced it here, but left joining origin's definition alone.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. With a new mode of fenced frames being introduced soon-ish that will allow arbitrary permission policies to be enabled inside of a fenced frame (I think), we should figure out what this API should do in that context outside of the usual permission policy restrictions. Basically I'm just trying to figure out if the behavior reached beyond the fenced frame and into the outermost main frame to grab the "top-level" origin, or if it is scoped to the fenced frame.

If you could point me to the part of the spec where we run the comparison between the "all interest group joining origins" and "the top level page's origin" (you know, to determine whether the user should be removed from the IG or not) then I think that'd help me answer this definitively.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The text for setting joining origin in joinAdInterestGroup is: "Set interestGroup’s joining origin to this's relevant settings object's top-level origin."

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK thanks, so the top-level origin is scoped to a fenced frame here, and does not transcend the boundary (i.e., does not "jump" the fence).

In that case, I think the test we should use here is:

...removes a user from [=interest groups=] whose [=interest group/joining origin=]
is the associated {{Navigator}}'s [=relevant settings object=]'s
[=environment/top-level origin=]

(Which should link to https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object and https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-top-level-origin respectively, of course)

Does that make sense / sound good?

Copy link
Contributor Author

@MattMenke2 MattMenke2 Oct 26, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, done.

Unless we're letting these fenced frames set 1P cookies for the fenced frame's origin, I suspect this behavior is not what we want, long term, since this is much akin to setting 1P cookies for the embedded frame (albeit 1P cookies that can only be accessed in an auction - using the top-level-page's joining origin is more like partitioned cookies), but don't think this PR is the place to iron that out.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's interesting. Let me just cc @shivanigithub just for extra exposure, but I agree that it shouldn't have a bearing on this PR specifically.



<xmp class="idl">
[SecureContext]
partial interface Navigator {
Promise<undefined> clearOriginJoinedAdInterestGroups(
USVString owner, optional sequence<USVString> interestGroupsToKeep = []);
domfarolino marked this conversation as resolved.
Show resolved Hide resolved
};
</xmp>

<div algorithm>

The <dfn for=Navigator method>clearOriginJoinedAdInterestGroups(|owner|, |interestGroupsToKeep|)</dfn>
method steps are:

1. Let |frameOrigin| be [=this=]'s [=relevant settings object=]'s
[=environment settings object/origin=].
1. [=Assert=] that |frameOrigin| is not an [=opaque origin=] and its [=origin/scheme=] is "`https`".
1. Let |p| be [=a new promise=].
1. If [=this=]'s [=relevant global object=]'s [=associated Document=] is not [=allowed to use=] the
"[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a
"{{NotAllowedError}}" {{DOMException}}.

Note: Both joining and leaving interest groups use the "join-ad-interest-group" feature.
1. Let |ownerOrigin| be the result of [=parsing an https origin=] with |owner|.
1. If |ownerOrigin| is failure, [=exception/throw=] a {{TypeError}}.
domfarolino marked this conversation as resolved.
Show resolved Hide resolved
1. Run these steps [=in parallel=]:
1. Let |permission| be the result of [=checking interest group permissions=] with
|ownerOrigin|, |frameOrigin|, and "`leave`".
1. If |permission| is false, then [=queue a task=] to [=reject=] |p| with a
MattMenke2 marked this conversation as resolved.
Show resolved Hide resolved
"{{NotAllowedError}}" {{DOMException}} and abort these steps.
1. [=Queue a task=] to [=resolve=] |p| with {{undefined}}.
MattMenke2 marked this conversation as resolved.
Show resolved Hide resolved
1. [=list/Remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=]
whose [=interest group/owner=] is |ownerOrigin|, whose [=interest group/joining origin=] is
|frameOrigin|, and whose [=interest group/name=] is not in |interestGroupsToKeep|.
1. Return |p|.

</div>

<h2 id="running-ad-auctions">Running Ad Auctions</h2>

When a website or someone working on behalf of the website (e.g. a supply side platform, SSP) wants
Expand Down