Within the main FLEDGE explainer doc, we can read:

> All fields that specify URLs for loading scripts or JSON (biddingLogicURL, biddingWasmHelperURL, trustedBiddingSignalsURL, and updateURL) must be same-origin with owner and must point to URLs whose responses include the HTTP response header Ad-Auction-Allowed: true to ensure they are allowed to be used for loading Protected Audience resources.

I would like to understand why this constraint was set in place. For us at Captify (and likely for others in the AdTech field), it could be interesting to have an AdTech company manage the creation and population of interest groups, while relying on DSPs to manage the bidding logic update. This would avoid us having to manage our bidding in 2 different places (on a DSP and within our own origin).
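The two rules in the quoted constraint, written out as a check over an interest group configuration. This is an added example, not part of the original post and not code from the explainer or any browser. The function name `checkInterestGroupUrls`, the `.example` origins and the header map standing in for real HTTP responses are constructed for illustration.

```javascript
// Added illustration; not code from the FLEDGE explainer or any browser.
// URL-bearing interest group fields named in the quoted constraint.
const URL_FIELDS = [
  "biddingLogicURL",
  "biddingWasmHelperURL",
  "trustedBiddingSignalsURL",
  "updateURL",
];

// Returns the violations of the two quoted rules for one interest group.
// `responseHeaders` is a constructed stand-in for real fetches: a Map from
// URL string to an object of response headers (names lower-cased).
// Assumption: `owner` is given as an origin string such as "https://a.example".
function checkInterestGroupUrls(group, responseHeaders) {
  const violations = [];
  const ownerOrigin = new URL(group.owner).origin;
  for (const field of URL_FIELDS) {
    if (group[field] === undefined) continue; // treated as optional here (assumption)
    let url;
    try {
      url = new URL(group[field]);
    } catch {
      violations.push(`${field}: not a valid absolute URL`);
      continue;
    }
    // Rule 1: same-origin with owner (scheme, host and port all match).
    if (url.origin !== ownerOrigin) {
      violations.push(`${field}: origin ${url.origin} differs from owner ${ownerOrigin}`);
    }
    // Rule 2: the response must carry Ad-Auction-Allowed: true.
    const headers = responseHeaders.get(url.href) || {};
    if ((headers["ad-auction-allowed"] || "").trim() !== "true") {
      violations.push(`${field}: response lacks Ad-Auction-Allowed: true`);
    }
  }
  return violations;
}

// Constructed sample: the owner hosts updateURL, a separate DSP origin hosts the bidding logic.
const sampleGroup = {
  owner: "https://adtech.example",
  name: "constructed-group",
  biddingLogicURL: "https://dsp.example/bid.js",
  updateURL: "https://adtech.example/update.json",
};
const sampleHeaders = new Map([
  ["https://dsp.example/bid.js", { "ad-auction-allowed": "true" }],
  ["https://adtech.example/update.json", {}],
]);
console.log(checkInterestGroupUrls(sampleGroup, sampleHeaders));
```

In the constructed sample the DSP-hosted script fails the same-origin rule even though it sends the header, and the owner-hosted update URL fails only because the header is missing.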