HTTP API for Measure Conversion #280
Conversation
martinthomson
left a comment
martinthomson
left a comment
There was a problem hiding this comment.
This is the easy part. Getting the answer is the hard part.
apasel422
force-pushed
the
conv-http
branch
from
41307b2 to
c8a91ed
Compare
|
Discussed in the Oct 14 call - let's wait to merge until we have support for sending the report. |
I think we need to deal with #189 first. |
apasel422
force-pushed
the
conv-http
branch
2 times, most recently
from
a2d8c3b to
2cb35d5
Compare
apasel422
force-pushed
the
conv-http
branch
2 times, most recently
from
091765c to
578defb
Compare
|
@martinthomson Please take another look. |
| :: "`no-store`" | ||
| : [=request/keepalive=] | ||
| :: true | ||
| 1. [=Fetch=] |request|, optionally retrying in the event of an error. |
There was a problem hiding this comment.
Is the optional retry a feature of keepalive? If it isn't, should it be. It seems a bit wrong to include that capability here specifically, when the overall goal of keepalive is to make that sort of thing possible generically.
There was a problem hiding this comment.
I don't believe automatic retry is inherent to keepalive, based on the MDN documentation. That said, I've been reading more about keepalive, and it's unclear to me if we want or need to use it here, and in general it opens a question about what entity is making the report-transmission request here.
I'd argue that the Attribution API's need to send reports is similar to https://w3c.github.io/reporting/, in that the report-creation step is asynchronous, and not necessarily done within the context of a page. We may want to take inspiration from https://w3c.github.io/reporting/#try-delivery, or at least get advice from someone else about this.
https://fetch.spec.whatwg.org/#fetch-elsewhere-request also implies something along those lines:
If your fetching is not directly web-exposed, e.g., it is sent in the background without relying on a current Window or Worker, leave request’s client as null and set the request’s origin, policy container, service-workers mode, and referrer to appropriate values instead, e.g., by copying them from the environment settings object ahead of time.
I added some inline issues to the spec to discuss this, but would appreciate your thoughts.
There was a problem hiding this comment.
That text is about fetches that have no real connection to any active realm. That's not the case here as we always have a Window involved. (We're not presently talking about a Worker, though we could use the Worker's settings object if we wanted to.)
Reporting basically deliberately disassociates the report sending from where the reports are collected. I don't think that's the case here. We're only attaching the HTTP API to fetches that have direct effect on an active window, so we rely on having an active context.
| :: true | ||
| 1. [=Fetch=] |request|, optionally retrying in the event of an error. | ||
|
|
||
| Issue: Should the request use a more specific content-type? |
There was a problem hiding this comment.
If we're doing DAP only for now, we could hard-code this. Or we could put the content type into the value we supply and interrogate that. We could add to AttributionConversionResult.
There was a problem hiding this comment.
The caller of the API is at least theoretically aware of what protocol is being used, even if we support something other than DAP, as the caller chooses the aggregation service, so I'm somewhat reluctant to redundantly include it as part of the request body, which would mean defining some wrapper format around just the encrypted bytes of the report.
In other words, I think whatever we choose should just go in the Content-Type header. Does DAP have an existing media type? If not, we could consider registering one but go with application/octet-stream for now.
There was a problem hiding this comment.
Yes, DAP has a media type, but from our perspective, we'd need to add that to AttributionConversionResult to get it through to this point (unless you wanted to play games with slots, I guess).
Co-authored-by: Martin Thomson <[email protected]>
Co-authored-by: Martin Thomson <[email protected]>
Co-authored-by: Martin Thomson <[email protected]>
Co-authored-by: Martin Thomson <[email protected]>
martinthomson
left a comment
martinthomson
left a comment
There was a problem hiding this comment.
Hopefully, these responses help.
I'll not be around for a few weeks. I'm happy for you to merge on the basis of the suggestions I've made; though if you want to discuss more, you might either have to be patient or open issues to track those.
| Issue: Should the request's [=request/service-workers mode=] be "`none`" instead | ||
| of the default of "`all`"? |
There was a problem hiding this comment.
I would tentatively say no. Whatever keepalive does is fine here.
| :: "`no-store`" | ||
| : [=request/keepalive=] | ||
| :: true | ||
| 1. [=Fetch=] |request|, optionally retrying in the event of an error. |
There was a problem hiding this comment.
That text is about fetches that have no real connection to any active realm. That's not the case here as we always have a Window involved. (We're not presently talking about a Worker, though we could use the Worker's settings object if we wanted to.)
Reporting basically deliberately disassociates the report sending from where the reports are collected. I don't think that's the case here. We're only attaching the HTTP API to fetches that have direct effect on an active window, so we rely on having an active context.
| Issue: Should the request's [=request/service-workers mode=] be "`none`" instead | ||
| of the default of "`all`"? | ||
|
|
||
| Issue: Should the request's [=request/unsafe-request flag=] be set? |
There was a problem hiding this comment.
This is largely moot. We're using POST with something other than application/x-www-form-urlencoded, so we'll be doing a preflight for any report. We can't really avoid doing that, and nor should we try. Enterprises might not like us pushing these reports at random servers, even though the opportunity for attack seems very much remote (no site can really control the content of reports).
| Issue: Should the request's [=request/referrer=] be "`no-referrer`" instead of | ||
| the default of "`client"`? |
There was a problem hiding this comment.
For this, it might make sense to use |url|. Setting this to "client" will mean no referer header, which isn't quite right for this.
| Issue: Should the request's [=request/destination=] be something other than the | ||
| default of the empty string, e.g. "`report`" or even a new value? |
There was a problem hiding this comment.
Empty seems right. We'll be keeping good company. We could attempt to define a destination, but I believe that that is possible to do later, if we think that the destination might help us do something special, like have specific CSP rules. Right now, I think we're OK relying on permissions policy and the standard connect-src rules from CSP, but we might decide to add a CSP-level control in future for this.
| Issue: Should the request's [=request/redirect mode=] be something other than the | ||
| default of "`follow`"? |
| Issue: Should the request use a `null` client instead, per | ||
| <a href="https://fetch.spec.whatwg.org/#fetch-elsewhere-request">the `fetch` | ||
| specification's guidance</a>? |
There was a problem hiding this comment.
I don't think that applies, see above.
3 participants
Fixes #31
Preview | Diff