Skip to content

Commit 07cae77

Browse files
apasel422apasel422
committed
Integrate Save-Impression header with fetch
1 parent a003309 commit 07cae77

File tree

1 file changed

+46
-0
lines changed

1 file changed

+46
-0
lines changed

api.bs

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1969,6 +1969,51 @@ To <dfn noexport>parse a `Save-Impression` header</dfn> given a [=header value=]
19691969

19701970
</div>
19711971

1972+
<div algorithm>
1973+
To <dfn noexport>handle Attribution headers</dfn> given a [=request=] |request|
1974+
and [=response=] |response|, run these steps:
1975+
1976+
1. If |request|'s [=request/destination=] is not one of the following,
1977+
return: `""`, `"image"`, `"script"`.
1978+
1979+
1. Let |saveImpressionHeader| be the result of [=header list/get|getting=] <code>[:Save-Impression:]</code> from |response|'s [=response/header list=].
1980+
1981+
1. If |saveImpressionHeader| is null, return.
1982+
1983+
1. Let |impressionOptions| be the result of [=parse a Save-Impression header|parsing=] |saveImpressionHeader|.
1984+
1985+
1. If |impressionOptions| is an error, return.
1986+
1987+
1. {{Attribution/saveImpression(options)|Save}} |impressionOptions|.
1988+
1989+
Issue: Consider allowing the `"document"` and `"video"` [=destination types=].
1990+
1991+
Issue: Allow processing only when |request| corresponds to {{Attribution/saveImpression}}'s `SecureContext` requirement.
1992+
1993+
Issue: Allow processing only when |response|'s [=response/URL=] is a [=potentially trustworthy URL=] and HTTP-family.
1994+
1995+
Issue: Figure out how to handle header-processing on intermediary responses during redirect.
1996+
1997+
Issue: {{Attribution/saveImpression(options)}} can't really be called directly here, as it assumes the existence of a script context.
1998+
We need to refactor it work in an HTTP context. For example, we need to figure out how to set the [=impression site=] and [=intermediary site=].
1999+
2000+
</div>
2001+
2002+
## Fetch monkey patches ## {#fetch-monkey-patches}
2003+
2004+
Modify [=HTTP-network fetch=] as follows:
2005+
2006+
<div algoritnm=fetch-monkey-patch>
2007+
After the step
2008+
2009+
> If <var ignore>includeCredentials</var> is true, then the user agent should parse and store response `Set-Cookie` headers given |request| and |response|.
2010+
2011+
add the step
2012+
2013+
1. [=Handle Attribution headers=] with |request| and |response|.
2014+
2015+
</div>
2016+
19722017
# Implementation Considerations # {#implementation-considerations}
19732018

19742019
* Management and distribution of values for the following:
@@ -3015,6 +3060,7 @@ The privacy architecture is courtesy of the authors of [[PPA-DP]].
30153060
<pre class=anchors>
30163061
urlPrefix: https://fetch.spec.whatwg.org/; spec: html; type: dfn
30173062
text: request origin; url: #concept-request-origin
3063+
text: HTTP-network fetch; url: #concept-http-network-fetch
30183064
urlPrefix: https://html.spec.whatwg.org/; spec: html; type: dfn
30193065
text: host; url: #concept-origin-host
30203066
text: obtain a site

0 commit comments

Comments
 (0)