-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explainer change for separate rate-limits for embedded site #1457
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -980,6 +980,10 @@ were reported. | |
|
||
In order to achieve the privacy goals listed above the API has various rate limits, which can be found [here](https://github.com/WICG/attribution-reporting-api/blob/main/params/chromium-params.md) for Chromium. | ||
|
||
Note: Browsers may choose to allow separate rate limits for the embedded site | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is there a reason the explainer uses There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That’s just because the explainer mentions “top-level site” in that section, whereas the spec change is where we get the origin. |
||
for specific use cases (for example, [AMP](https://amp.dev) pages rendered by | ||
an AMP cache/viewer provider). | ||
|
||
### Trigger Data | ||
|
||
Trigger data, e.g. advertiser-side data, is extremely important for critical use | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1832,6 +1832,8 @@ To <dfn>check if cookie-based debugging is allowed</dfn> given a | |
To obtain the <dfn export for=node>context origin</dfn> of a [=node=] |node|, return |node|'s [=node navigable=]'s | ||
[=navigable/top-level traversable=]'s [=navigable/active document=]'s [=origin=]. | ||
|
||
Note: The user agent MAY return the embedded origin for specific use cases. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think this belongs in a note. We can instead phrase it as:
And then explain the reasoning or what an |
||
|
||
<h3 id="obtaining-randomized-response">Obtaining a randomized response</h3> | ||
|
||
To <dfn>obtain a randomized response</dfn> given |trueValue|, a [=set=] |possibleValues|, and a | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is
embedded site
standard terminology? If so, let's link to a definition of it. Otherwise, let's explain further. Same for the spec changes.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, IIUC the spec changes aren't limited to rate limits. Rather, they effectively replace the context origin in all uses across the entire spec.
For sources, this includes "max pending sources per source origin" and "max destinations covered by unexpired sources", which aren't explicitly considered "rate limits."
It also includes the source site in verbose debug report bodies.
For aggregatable reports, it affects the effective attribution destination and therefore "max aggregatable attribution reports per attribution destination".
IMO we should make it explicit that the context origin is entirely replaced, not just for rate-limit purposes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used “rate limits” to cover those limits as well. The destination limit is also discussed in this section, so I think it’s fine. I can mention storage limit explicitly if you feel strongly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The aforementioned limits aren't rate limits, as they do not expire after a specific window, and they are mentioned in different parts of the spec and explainer.