Open zhengweiwithoutthei opened 2 years ago
+1 for removing this given how some ad tags can be loaded in a cross-origin iframe.
Any update on this?
Hi team, any updates on this?
Thanks for raising this and your patience.
Current opt-in model requires sites to explicitly allow iframes for token operations. This is helpful considering there can be at most 2 distinct issuers per top level page.
However, your concerns are valid and we are looking for solutions to alleviate the adoption pains for pages and IVT vendors.
According to https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit?usp=sharing
However, it is not uncommon the ad tag is loaded inside a cross-origin iframe where the ad tach company has no control of. In some cases, this number can be over 50%. It is not practical to reach out to all affected publishers to add the feature policy to their iframes.
Removing this feature policy should significantly increase the trust token coverage.