From 3911315db55a889bf9edfcf3872c30ae7a16ba72 Mon Sep 17 00:00:00 2001 From: qingxinwu <6334674+qingxinwu@users.noreply.github.com> Date: Mon, 23 Sep 2024 10:05:36 -0400 Subject: [PATCH] [Spec] Handle Ad-Auction-Result response header. (#1280) * Handle Ad-Auction-Result response header. * change list of hashes to a map from origin to hash * Remove adding padding. * fix a mistake in another pr. * revert a merge fix attempt. --------- Co-authored-by: Qingxin Wu --- spec.bs | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 51 insertions(+), 6 deletions(-) diff --git a/spec.bs b/spec.bs index 48cce048c..5653f5ce8 100644 --- a/spec.bs +++ b/spec.bs @@ -35,6 +35,8 @@ urlPrefix: https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonymity_serve type: dfn; text: k-anonymity; url: what-is-k-anonymity urlPrefix: https://developer.chrome.com/en/docs/privacy-sandbox/glossary/ type: dfn; text: ad creative; url: ad-creative +spec: RFC4648; urlPrefix: https://datatracker.ietf.org/doc/html/rfc4648 + type: dfn; text: base64url; url: section-5 spec: RFC6234; urlPrefix: https://www.ietf.org/rfc/rfc6234.txt type: dfn; text: SHA-256 urlPrefix: https://datatracker.ietf.org/doc/html/rfc8032 
@@ -2773,9 +2775,15 @@ a {{ReportingBrowserSignals}} |browserSignals|, a [=direct from seller signals=] To parse and validate server response given an [=auction config=] |auctionConfig|, an [=auction config=]-or-null |topLevelAuctionConfig|, a [=global object=] |global|, a [=list=] of [=interest groups=] |bidIgs|, and a [=list=] of [=bid debug reporting info=] -|bidDebugReportInfoList|: +|bidDebugReportInfoList|, perform the following steps. They return a [=leading bid info=] or a failure. 1. [=Assert=] that these steps are running [=in parallel=]. +1. Let |hash| be the [=SHA-256=] of |auctionConfig|'s [=auction config/server response=]. +1. Let |capturedAuctionHeaders| be |global|'s [=associated Document's=] [=node navigable's=] + [=traversable navigable's=] [=traversable navigable/captured ad auction result headers=]. +1. Let |seller| be |auctionConfig|'s [=auction config/seller=]. +1. If |capturedAuctionHeaders|[|seller|] does not [=map/exist=] or does not [=list/contain=] |hash|, + then return failure. 1. Let |requestId| be the value of |auctionConfig|'s [=auction config/server response id=]. 1. Let |requestContexts| be the value of |global|'s [=associated Document's=] [=node navigable's=] [=traversable navigable's=] [=traversable navigable/saved Bidding and Auction request context=]. @@ -5576,9 +5584,6 @@ prevents a leak of the user's ad interest group membership to the server. # Fetch Patch for Auction Headers # {#fetch-patch-for-auction-headers} - Issue: TODO: Handle Bidding and Auction Server header. - (WICG/turtledove#1254) - This section specifies a manner by which some data, including [=additional bids=] and [=direct from seller signals=], may be provided to auctions such that the data is only used within their intended auction. 
@@ -5586,7 +5591,8 @@ their intended auction. Any {{Document}} in a [=traversable navigable=] may run a Protected Audience auction (with {{Window/navigator}}.{{Navigator/runAdAuction()}}) whose [=script runners=] functions receive signal objects derived from JSON from an [:Ad-Auction-Signals:] header, or [=additional bids=] derived from -an [:Ad-Auction-Additional-Bid:] header, captured by a {{WindowOrWorkerGlobalScope/fetch()}} call +an [:Ad-Auction-Additional-Bid:] header, or response blob's [=base64url=] encoded [=SHA-256=] hash +derived from an [:Ad-Auction-Result:] header, captured by a {{WindowOrWorkerGlobalScope/fetch()}} call (using the {{RequestInit/adAuctionHeaders}} option) initiated by any *other* {{Document}} in the *same* [=traversable navigable=], or from an iframe navigation @@ -5624,6 +5630,10 @@ the [=string representation=] of a [=version 4 UUID=] and whose [=map/values=] are [=server auction request contexts=]. +Each [=traversable navigable=] has a captured ad auction result +headers, which is a [=map=] whose [=map/keys=] are [=origins=] and [=map/values=] are +[=strings=]. +
Modify the definition of a [=request=]: @@ -5718,6 +5728,24 @@ corresponds to a single [=additional bid=]. The response may include more than o by specifying multiple instances of the [:Ad-Auction-Additional-Bid:] response header.
+

The \`Ad-Auction-Result\` +HTTP response header.

+ +The \`Ad-Auction-Result\` response header provides the +[=base64url=] encoded [=SHA-256=] hash of the response blob. Multiple hashes can be included in a +response by either repeating the header or by specifying multiple hashes separated by a "`,`" character. + +
+
+    Ad-Auction-Result: ungWv48Bz-pBQUDeXa4iI7ADYaOWF3qctBD_YfIAFa0=,9UTB-u-WshX66Xqz5DNCpEK9z-x5oCS5SXvgyeoRB1k=
+  
+ is equivalent to +
+    Ad-Auction-Result: ungWv48Bz-pBQUDeXa4iI7ADYaOWF3qctBD_YfIAFa0=
+    Ad-Auction-Result: 9UTB-u-WshX66Xqz5DNCpEK9z-x5oCS5SXvgyeoRB1k=
+  
+
+
The following steps will be added to the [=HTTP fetch=] algorithm, immediately under the step "If internalResponse’s [=status=] is a [=redirect status=]:" @@ -5740,7 +5768,8 @@ The following step will be added to the [=HTTP fetch=] algorithm, before step [=node navigable=]'s [=traversable navigable=]. 1. Run [=update captured headers=] with |navigable|'s [=traversable navigable/captured ad auction signals headers=], |navigable|'s - [=traversable navigable/captured ad auction additional bids headers=], |response|'s + [=traversable navigable/captured ad auction additional bids headers=], |navigable|'s + [=traversable navigable/captured ad auction result headers=], |response|'s [=response/header list=], and |request|'s [=request/URL=]'s [=url/origin=].
@@ -5751,6 +5780,7 @@ The following algorithm will be added to the [[FETCH#fetching]] section: To update captured headers with a [=traversable navigable/captured ad auction signals headers=] |storedSignalsHeaders|, [=traversable navigable/captured ad auction additional bids headers=] |storedAdditionalBidsHeaders|, + [=traversable navigable/captured ad auction result headers=] |storedAuctionResultHeaders|, [=header list=] |responseHeaders|, and [=origin=] |requestOrigin|: 1. Let |adAuctionSignals| be the result of [=header list/getting=] [:Ad-Auction-Signals:] from |responseHeaders|. @@ -5762,6 +5792,7 @@ The following algorithm will be added to the [[FETCH#fetching]] section: the header value. 1. [=Handle ad auction signals header value=] given |adAuctionSignals|, |storedSignalsHeaders| and |requestOrigin|. + 1. Let |additionalBids| be the result of [=header list/getting, decoding, and splitting=] [:Ad-Auction-Additional-Bid:] from |responseHeaders|. 1. If |additionalBids| is not null: 
@@ -5777,6 +5808,20 @@ The following algorithm will be added to the [[FETCH#fetching]] section: 1. If |nonce|'s [=string/length=] is not 36, then [=iteration/continue=]. 1. Set |storedAdditionalBidsHeaders|[|nonce|] to |nonceAndAdditionalBid|[1]. + 1. Let |adAuctionResults| be the result of [=header list/getting, decoding, and splitting=] + [:Ad-Auction-Result:] from |responseHeaders|. + 1. If |adAuctionResults| is not null, [=list/for each=] |result| of |adAuctionResults|: + 1. [=Strip leading and trailing ASCII whitespace=] from |result|. + 1. If |result| is "", or contains [=code points=] U+002B (`+`) or U+002F (`/`), then + [=iteration/continue=]. + 1. Replace every U+2212 (`-`) [=code point=] in |result| with U+002B (`+`). + 1. Replace every U+005F(`_`) [=code point=] in |result| with U+002F (`/`). + 1. Let |hash| be the result of running [=forgiving-base64 decode=] with |result|. + 1. If |hash| is not failure, and |hash|'s [=string/length=] is 32: + 1. If |storedAuctionResultHeaders|[|requestOrigin|] [=map/exists=], then [=list/append=] |hash| + to |storedAuctionResultHeaders|. + 1. Otherwise, [=map/set=] |storedAuctionResultHeaders|[|requestOrigin|] to « |hash| ». +
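Review bot: In the @@ -5586 hunk, the added clause "or response blob's [=base64url=] encoded [=SHA-256=] hash derived from an [:Ad-Auction-Result:] header" is attached to the list of things the [=script runners=] functions receive, but the only use of the captured hash visible in this patch is the membership check added to "parse and validate server response". Suggest moving it into its own sentence that says the hash is captured so the server response can be validated against it, rather than listing it alongside signals and additional bids that are handed to script.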
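Review bot: In the @@ -5624 hunk, the new "captured ad auction result headers" map is declared with [=strings=] as its values, which does not match how the rest of this patch uses it. The "update captured headers" steps store « |hash| » under |requestOrigin|, where |hash| is the output of [=forgiving-base64 decode=], and "parse and validate server response" calls [=list/contain=] on the value and compares against a [=SHA-256=] result. Suggest declaring the values as [=lists=] of [=byte sequences=] so the definition, the writer and the reader agree on the type.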
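Review bot: In the @@ -5718 hunk, the header definition does not say whether "=" padding is required, optional or forbidden. Both example values end in "=", while the commit message lists "Remove adding padding.", so a reader cannot tell which form a server is expected to send. The capture steps use [=forgiving-base64 decode=], which accepts both forms, so suggest stating that here. It would also help to state that a value which does not decode to exactly 32 bytes is ignored, since that is what the steps in the @@ -5777 hunk do.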
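Review bot: In the @@ -5777 hunk, the step "Replace every U+2212 (`-`) [=code point=] in |result| with U+002B (`+`)" names MINUS SIGN, whereas the base64url alphabet character is U+002D HYPHEN-MINUS. As written, a "-" in a header value is never converted, [=forgiving-base64 decode=] returns failure on it, and that hash is silently dropped, so the matching server response later fails validation. Two further points in the same list: the [=map/exists=] branch appends |hash| to |storedAuctionResultHeaders| (the map) where it should append to |storedAuctionResultHeaders|[|requestOrigin|], and the length check uses [=string/length=] although |hash| is a byte sequence at that point. Suggest U+002D, appending to the per-origin list, and [=byte sequence/length=].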