[Spec] Handle Ad-Auction-Result response header. (WICG#1280)

* Handle Ad-Auction-Result response header. * change list of hashes to a map from origin to hash * Remove adding padding. * fix a mistake in another pr. * revert a merge fix attemp. --------- Co-authored-by: Qingxin Wu <qingxinwu@google.com>
qingxinwu · Sep 23, 2024 · 3911315 · 3911315
1 parent 61665eb
commit 3911315
Showing 1 changed file with 51 additions and 6 deletions.
diff --git a/spec.bs b/spec.bs
@@ -35,6 +35,8 @@ urlPrefix: https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonymity_serve
   type: dfn; text: k-anonymity; url: what-is-k-anonymity
 urlPrefix: https://developer.chrome.com/en/docs/privacy-sandbox/glossary/
   type: dfn; text: ad creative; url: ad-creative
+spec: RFC4648; urlPrefix: https://datatracker.ietf.org/doc/html/rfc4648
+  type: dfn; text: base64url; url: section-5
 spec: RFC6234; urlPrefix: https://www.ietf.org/rfc/rfc6234.txt
   type: dfn; text: SHA-256
 urlPrefix: https://datatracker.ietf.org/doc/html/rfc8032
@@ -2773,9 +2775,15 @@ a {{ReportingBrowserSignals}} |browserSignals|, a [=direct from seller signals=]
 To <dfn>parse and validate server response</dfn> given an [=auction config=] |auctionConfig|, an
 [=auction config=]-or-null |topLevelAuctionConfig|, a [=global object=] |global|,
 a [=list=] of [=interest groups=] |bidIgs|, and a [=list=] of [=bid debug reporting info=]
-|bidDebugReportInfoList|:
+|bidDebugReportInfoList|, perform the following steps. They return a [=leading bid info=] or a failure.
 
 1. [=Assert=] that these steps are running [=in parallel=].
+1. Let |hash| be the [=SHA-256=] of |auctionConfig|'s [=auction config/server response=].
+1. Let |capturedAuctionHeaders| be |global|'s [=associated Document's=] [=node navigable's=]
+  [=traversable navigable's=] [=traversable navigable/captured ad auction result headers=].
+1. Let |seller| be |auctionConfig|'s [=auction config/seller=].
+1. If |capturedAuctionHeaders|[|seller|] does not [=map/exist=] or does not [=list/contain=] |hash|,
+  then return failure.
 1. Let |requestId| be the value of |auctionConfig|'s [=auction config/server response id=].
 1. Let |requestContexts| be the value of |global|'s [=associated Document's=] [=node navigable's=]
   [=traversable navigable's=] [=traversable navigable/saved Bidding and Auction request context=].
@@ -5576,17 +5584,15 @@ prevents a leak of the user's ad interest group membership to the server.
 
 # Fetch Patch for Auction Headers # {#fetch-patch-for-auction-headers}
 
-    Issue: TODO: Handle Bidding and Auction Server header.
-    (<a href="https://github.com/WICG/turtledove/issues/1254">WICG/turtledove#1254</a>)
-
 This section specifies a manner by which some data, including [=additional bids=] and
 [=direct from seller signals=], may be provided to auctions such that the data is only used within
 their intended auction.
 
 Any {{Document}} in a [=traversable navigable=] may run a Protected Audience auction (with
 {{Window/navigator}}.{{Navigator/runAdAuction()}}) whose [=script runners=] functions receive signal
 objects derived from JSON from an [:Ad-Auction-Signals:] header, or [=additional bids=] derived from
-an [:Ad-Auction-Additional-Bid:] header, captured by a {{WindowOrWorkerGlobalScope/fetch()}} call
+an [:Ad-Auction-Additional-Bid:] header, or response blob's [=base64url=] encoded [=SHA-256=] hash
+derived from an [:Ad-Auction-Result:] header, captured by a {{WindowOrWorkerGlobalScope/fetch()}} call
 (using the {{RequestInit/adAuctionHeaders}} option) initiated by any *other* {{Document}} in the
 *same* [=traversable navigable=], or from an
 <a spec="html" lt="navigate an iframe or frame">iframe navigation</a>
@@ -5624,6 +5630,10 @@ the [=string representation=] of a [=version 4 UUID=] and whose [=map/values=]
 are [=server auction request contexts=].
 </div>
 
+Each [=traversable navigable=] has a <dfn for="traversable navigable">captured ad auction result
+headers</dfn>, which is a [=map=] whose [=map/keys=] are [=origins=] and [=map/values=] are
+[=strings=].
+
 <div algorithm="fetch capture adAuctionHeaders boolean patch">
 Modify the definition of a [=request=]:
 
@@ -5718,6 +5728,24 @@ corresponds to a single [=additional bid=]. The response may include more than o
 by specifying multiple instances of the [:Ad-Auction-Additional-Bid:] response header.
 </div>
 
+<h3 id=ad-auction-result-header>The \`<a http-header><code>Ad-Auction-Result</code></a>\`
+HTTP response header.</h3>
+
+The \`<dfn http-header><code>Ad-Auction-Result</code></dfn>\` response header provides the
+[=base64url=] encoded [=SHA-256=] hash of the response blob. Multiple hashes can be included in a
+response by either repeating the header or by specifying multiple hashes separated by a "`,`" character.
+
+<div id="ad-auction-result-example" class=example>
+  <pre highlight="js">
+    Ad-Auction-Result: ungWv48Bz-pBQUDeXa4iI7ADYaOWF3qctBD_YfIAFa0=,9UTB-u-WshX66Xqz5DNCpEK9z-x5oCS5SXvgyeoRB1k=
+  </pre>
+  is equivalent to
+  <pre highlight="js">
+    Ad-Auction-Result: ungWv48Bz-pBQUDeXa4iI7ADYaOWF3qctBD_YfIAFa0=
+    Ad-Auction-Result: 9UTB-u-WshX66Xqz5DNCpEK9z-x5oCS5SXvgyeoRB1k=
+  </pre>
+</div>
+
 <div algorithm="ad auction fetch redirect patch">
 The following steps will be added to the [=HTTP fetch=] algorithm, immediately under the step "If
 <var ignore>internalResponse</var>’s [=status=] is a [=redirect status=]:"
@@ -5740,7 +5768,8 @@ The following step will be added to the [=HTTP fetch=] algorithm, before step
     [=node navigable=]'s [=traversable navigable=].
   1. Run [=update captured headers=] with |navigable|'s
     [=traversable navigable/captured ad auction signals headers=], |navigable|'s
-    [=traversable navigable/captured ad auction additional bids headers=], |response|'s
+    [=traversable navigable/captured ad auction additional bids headers=], |navigable|'s
+    [=traversable navigable/captured ad auction result headers=], |response|'s
     [=response/header list=], and |request|'s [=request/URL=]'s [=url/origin=].
 
 </div>
@@ -5751,6 +5780,7 @@ The following algorithm will be added to the [[FETCH#fetching]] section:
   To <dfn id=concept-update-captured-headers>update captured headers</dfn> with a [=traversable
   navigable/captured ad auction signals headers=] |storedSignalsHeaders|,
   [=traversable navigable/captured ad auction additional bids headers=] |storedAdditionalBidsHeaders|,
+  [=traversable navigable/captured ad auction result headers=] |storedAuctionResultHeaders|,
   [=header list=] |responseHeaders|, and [=origin=] |requestOrigin|:
   1. Let |adAuctionSignals| be the result of [=header list/getting=] [:Ad-Auction-Signals:] from
     |responseHeaders|.
@@ -5762,6 +5792,7 @@ The following algorithm will be added to the [[FETCH#fetching]] section:
       the header value.
     1. [=Handle ad auction signals header value=] given |adAuctionSignals|, |storedSignalsHeaders| and
       |requestOrigin|.
+
   1. Let |additionalBids| be the result of [=header list/getting, decoding, and splitting=]
     [:Ad-Auction-Additional-Bid:] from |responseHeaders|.
   1. If |additionalBids| is not null:
@@ -5777,6 +5808,20 @@ The following algorithm will be added to the [[FETCH#fetching]] section:
       1. If |nonce|'s [=string/length=] is not 36, then [=iteration/continue=].
       1. Set |storedAdditionalBidsHeaders|[|nonce|] to |nonceAndAdditionalBid|[1].
 
+  1. Let |adAuctionResults| be the result of [=header list/getting, decoding, and splitting=]
+    [:Ad-Auction-Result:] from |responseHeaders|.
+  1. If |adAuctionResults| is not null, [=list/for each=] |result| of |adAuctionResults|:
+    1. [=Strip leading and trailing ASCII whitespace=] from |result|.
+    1. If |result| is "", or contains [=code points=] U+002B (`+`) or U+002F (`/`), then
+      [=iteration/continue=].
+    1. Replace every U+2212 (`-`) [=code point=] in |result| with U+002B (`+`).
+    1. Replace every U+005F(`_`) [=code point=] in |result| with U+002F (`/`).
+    1. Let |hash| be the result of running [=forgiving-base64 decode=] with |result|.
+    1. If |hash| is not failure, and |hash|'s [=string/length=] is 32:
+      1. If |storedAuctionResultHeaders|[|requestOrigin|] [=map/exists=], then [=list/append=] |hash|
+        to |storedAuctionResultHeaders|.
+      1. Otherwise, [=map/set=] |storedAuctionResultHeaders|[|requestOrigin|] to « |hash| ».
+
 </div>
 
 <div algorithm>