attribution-reporting-api icon indicating copy to clipboard operation
attribution-reporting-api copied to clipboard
verified publisher icon WICG

Network Partition Key for reports is not specified

Open MattMenke2 opened this issue 4 years ago • 4 comments

Conversion measurement reports have information collected in two different first party network contexts (publisher page, report destination (?), and are potentially reported to yet a third site. To avoid leaking information between different first party network contexts, the reports should therefore be specified to each use a single-use Network Partition Key.

In Chrome-land, these are known as "Transient NetworkIsolationKey" (NIK predates adding Network Partition Key to the fetch spec, so NIKs and NPKs are basically the same thing), but I don't believe the fetch defines them. They're just NPKs for opaque origins, which the fetch spec allows.

MattMenke2 avatar Sep 14 '21 15:09 MattMenke2

To do this, it appears that we need to set the fetch request's client, which is used in https://fetch.spec.whatwg.org/#request-determine-the-network-partition-key.

apasel422 avatar Apr 14 '23 16:04 apasel422

Right now we set a null client, which appears at first glance to work (i.e. it does not cache the response), but it looks like it reuses a "null"-keyed connection cache (https://fetch.spec.whatwg.org/#concept-connection-obtain) which doesn't seem right.

csharrison avatar Jul 25 '23 16:07 csharrison

@MattMenke2 Could you help us understand what's left to do for this in the "create a report request" algorithm?

apasel422 avatar Apr 15 '24 12:04 apasel422

I'm not sure the fetch standard has a concept of a unique, unshared network partition. I'm not really sure what the next step is here, unfortunately. I know the network partitioning code, I don't know how specs wire it up to the web platform.

MattMenke2 avatar Apr 15 '24 16:04 MattMenke2