Closed blu25 closed 2 months ago
window.fence.reportEvent()
will now support being sent from documents
Methods cannot be sent. Do you mean exposed? Or am I missing something?
The same-origin document opts in with a new "Allow-Cross-Origin-Event-Reporting=true" response header. The cross-origin document opts in by calling reportEvent() with the crossOriginExposed=true parameter.
~Can you link to the rationale for why these are different?~
Edit: I think I misunderstood. Is "the same-origin document" just the fenced frame document? That is, the document created by the FencedFrameConfig, i.e., the top-level document in a <fencedframe>
element?
window.fence.reportEvent()
will now support being sent from documentsMethods cannot be sent. Do you mean exposed? Or am I missing something?
I mean exposed. The wording should be "Beacons can be sent with window.fence.reportEvent()
from documents that are cross-origin..."
The same-origin document opts in with a new "Allow-Cross-Origin-Event-Reporting=true" response header. The cross-origin document opts in by calling reportEvent() with the crossOriginExposed=true parameter.
~Can you link to the rationale for why these are different?~
Edit: I think I misunderstood. Is "the same-origin document" just the fenced frame document? That is, the document created by the FencedFrameConfig, i.e., the top-level document in a
<fencedframe>
element?
Yes. Same-origin iframes embedded in fenced frames have no control over the opt-in process. I'll update the wording to match that.
Reporting beacons can now be sent with
window.fence.reportEvent()
from documents that are cross origin to a fenced frame config's mapped URL. To do this, there must be opt-in from both the document created with the FencedFrameConfig as well as the cross-origin document that wants to send the beacon. The document created with the FencedFrameConfig opts in with a new "Allow-Cross-Origin-Event-Reporting=true" response header. The cross-origin document opts in by callingreportEvent()
with thecrossOriginExposed=true
parameter.This PR updates the spec to match that behavior. More specifically:
reportEvent()
to support being called from a document that is cross-origin to the fenced frame config's mapped URL.crossOriginExposed=true
opt-in from the document that's sending the beacon.Preview | Diff