Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider removing landing page destination restriction #590

Closed
csharrison opened this issue Oct 25, 2022 · 4 comments · Fixed by #592
Closed

Consider removing landing page destination restriction #590

csharrison opened this issue Oct 25, 2022 · 4 comments · Fixed by #592
Labels
Looking for feedback

Comments

@csharrison
Copy link
Collaborator

Currently in the API for navigation sources, we have a restriction that a user must land on the destination site for the source to be valid. Otherwise, the source registration is ignored.

We are hearing cases of legitimate use-cases where this restriction is difficult to conform to, e.g.

  • Landing pages that are managed by third parties with different domains than the advertiser site
  • Conversion pages that are managed by third parties (e.g. purchase flows) on a different domain than the advertiser site or landing page

Additionally, the restriction in the API is no longer fully “load bearing” because event sources already have the capability to leak some amount of browsing history, which we protect with noise that is also present on navigation sources. Therefore it doesn’t feel as necessary to add additional protections on clicks which are already rate-limited by user interaction.

Note: this doesn’t fully solve the use cases detailed in #549 but it does partially solve the case where only a single domain is required to register conversions. Note that this also partially fixes #44.
@csharrison
Copy link
Collaborator Author

csharrison commented Oct 25, 2022
edited
Loading

Another issue that is solved by this: there are cases where the "redirect chain" includes JS-redirects, not just HTTP redirects. In the following case:

  • User clicks ad on publisher site for advertiser.com, which first pings ad1.com
  • Response from ad1.com, 302 redirect to ad2.com
  • Response from ad2.com navigates to ad2.com, JS-redirect using window.location to ad3.com
  • ad3.com does an HTTP redirect to advertiser.com

If all the ad1,ad2,ad3 respond properly with registration headers.

  • In the current API: none of the registrations will succeed
  • In the API after landing page restriction is removed, ad1,ad2 registrations will succeed. ad3 will still fail because of the user-gesture constraint.

cc @linnan-github

@logicad
Copy link
Contributor

logicad commented Oct 26, 2022

I support this proposal 👍

@mwakkiy
Copy link
Contributor

mwakkiy commented Oct 26, 2022

I also support this proposal.
We have several cases with our clients where Landing pages and Conversion pages have different domains.

@apasel422
Copy link
Collaborator

This would also simplify the implementation, which currently has to buffer sources until the landing page destination is known.

@csharrison csharrison mentioned this issue Oct 26, 2022
Merged
csharrison added a commit that referenced this issue Oct 26, 2022
@csharrison
Remove landing page restriction for nav sources (#592)
ad74087 
Fixes #590
This was referenced Oct 27, 2022
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Looking for feedback
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove landing page restriction for navigation sources WICG/attribution-reporting-api
5 participants
@csharrison @mwakkiy @apasel422 @maudnals @logicad