Make the attributionsrc ping optional (#444)

* Make the attributionsrc ping optional Resolves #378 * Update EVENT.md * Update EVENT.md * Update EVENT.md * Update EVENT.md Co-authored-by: Andrew Paseltiner <apaseltiner@google.com> * Update EVENT.md Co-authored-by: Andrew Paseltiner <apaseltiner@google.com> * Update EVENT.md * Update EVENT.md Co-authored-by: Charlie Harrison <csharrison@chromium.org> * Allow script elements to use attribution (#447) Resolves #446 Co-authored-by: Andrew Paseltiner <apaseltiner@google.com> Co-authored-by: Andrew Paseltiner <apaseltiner@google.com> Co-authored-by: Charlie Harrison <csharrison@chromium.org>
WICG · May 27, 2022 · 3e365fb · 3e365fb
1 parent 62a2150
commit 3e365fb
Showing 1 changed file with 30 additions and 16 deletions.
diff --git a/EVENT.md b/EVENT.md
@@ -107,8 +107,14 @@ Protocol](https://github.com/brave/brave-browser/wiki/Security-and-privacy-model
 
 ### Registering attribution sources
 
-Attribution sources are events which future triggers can be attributed to. There
-are two types of attribution sources, `navigation` sources and `event` sources.
+Attribution sources are events which future triggers can be attributed to.
+
+Sources are registered by returning a new HTTP response header on requests
+which are eligible for attribution. A request is eligible as long as it has
+the `Attribution-Reporting-Eligible` request header.
+
+There are two types of attribution sources, `navigation` sources and `event`
+sources.
 
 `navigation` sources are registered via clicks on anchor tags:
 ```html
@@ -129,13 +135,28 @@ window.open(
   `attributionsrc=${encoded}`);
 ```
 
-`event` sources do not require any user interaction and are registered via
-`<img>` tags with the new `attributionsrc` attribute too:
+`event` sources do not require any user interaction and can be registered via
+`<img>` or `<script>` tags with the new `attributionsrc` attribute:
 ```html
 <img src="https://advertiser.example/pixel"
      attributionsrc="https://adtech.example/attribution_source?my_ad_id=123">
+
+<script src="https://advertiser.example/register-view"
+        attributionsrc="https://adtech.example/attribution_source?my_ad_id=123">
 ```
-or via a JavaScript API:
+
+Specifying a URL value for `attributionsrc` within `<a>`, `<img>`, `<script>` or
+`window.open` will cause the browser to initiate a separate `keepalive` fetch
+request which includes the `Attribution-Reporting-Eligible` request header.
+
+When the `attributionsrc` attribute is present in these surfaces/APIs, both with
+and without a value, existing requests made via `src`/`href` attributes or
+`window.open` will now include the `Attribution-Reporting-Eligible` request
+header. Each of these requests will be able to register attribution sources.
+
+`event` sources can also be registered using existing JavaScript request 
+APIs by setting the `Attribution-Reporting-Eligible` header manually:
+
 ```javascript
 const headers = {
   'Attribution-Reporting-Eligible': 'event-source'
@@ -145,18 +166,11 @@ window.fetch("https://adtech.example/attribution_source?my_ad_id=123",
              { headers, keepalive: true });
 ```
 
-The `<a>`, `<img>`, and `window.open` mechanisms will cause the browser to
-initiate a `keepalive` fetch request to the URL indicated by `attributionsrc`.
-
-Response headers will be processed for any request that includes the
-`Attribution-Reporting-Eligible` request header, not just ones initiated via
-`window.fetch`. For example, responses will also be processed for
-`XmlHttpRequest` if the header was present on the corresponding request. See
-[Registration requests](#registration-requests) for details.
+Other requests APIs which allow specifying headers (e.g. `XMLHttpRequest`)
+will also work.
 
-The response to this request will configure the API. The browser will expect
-data in a new JSON HTTP header `Attribution-Reporting-Register-Source` which
-configures the API:
+The response to these requests will configure the API via a new JSON HTTP
+header `Attribution-Reporting-Register-Source` of the form:
 
 ```jsonc
 {