search

WICG / floc

This proposal has been replaced by the Topics API.
https://github.com/patcg-individual-drafts/topics
Other
936 stars 90 forks source link

Origin trial, third party token "browser not supported" #110

Closed brian-ecker-adroll closed 3 years ago

brian-ecker-adroll commented 3 years ago

I'm attempting to run an third party origin trial test using a token that was registered as:

I am able to retrieve a floc ID and version from document.interestCohort when I dynamically inject the origin-trial token on a test page running on my origin. I get a result like {id: "1234", version: "chrome.1.1"}. But when I attempt to inject the origin-trial token on a test page different from my origin (i.e. in a third party context) the document.interestCohort function remains undefined.

macOS 10.15.2 Chrome 90.0.4430.93 chrome://settings/privacySandbox is enabled no ad blockers running with the following flags --enable-blink-features=InterestCohortAPI --enable-features="FederatedLearningOfCohorts:update_interval/10s/minimum_history_domain_size_required/1,FlocIdSortingLshBasedComputation,InterestCohortFeaturePolicy" https://floc.glitch.me/ works correctly

The script on both test pages is served from my origin. The only difference is the origin of the page itself.

michaelkleber commented 3 years ago

Hi @brian-ecker-adroll: Just to check, is your Origin Trial token being injected into the page by a third-party script that is loaded from the same domain that the token was issued to? Can you provide a link to the failing page?

@samdutton is a great source of help.

brian-ecker-adroll commented 3 years ago

Hi @michaelkleber. Yep the origin trial token is being injected into the page by a third-party script loaded from the same origin the token was issued to. Here's a link to a third-party use where it fails: http://adroll-cdn-staging.s3.amazonaws.com/daroit/thisisfine.html

And here's a link to a same-origin (first party use) example where it succeeds: https://s.adroll.com/tmp/daroit/thisisfine.html

michaelkleber commented 3 years ago

Aha: FLoC is only available in secure contexts. Load your failing page over HTTPS instead.

samdutton commented 3 years ago

Does testing with an HTTPS URL work for you?

If not, a couple of troubleshooting suggestions: • Can you see the token in the page by calling (say) document.querySelectorAll('meta[http-equiv="origin-trial"]') ? • Is the token injected before the call to document.interestCohort()?

I can see f.prototype.addTrialToken in roundtrip.js, but it's a little hard to work out where this is being called. (I also get a lot of net::ERR_BLOCKED_BY_CLIENT errors.)

brian-ecker-adroll commented 3 years ago

Ah yes, secure-only (HTTPS) appears to work. Thank you, @michaelkleber and @samdutton!