
Version 2 of the Protected Audiences trusted signals API uses encrypted requests to and responses from a TEE, which cannot be cached using HTTP semantics because of the layer of encryption on top of HTTPS. To solve this, we're implementing a browser-side cache which the worklet service can pull directly from.

This CL plumbs through the IDs needed to access the cache through the ScoreAd() calls. These IDs are passed through (already wired up) pipes to fetch the signals needed for each score ad call. These pipes are origin bound, so the browser side can detect if a worklet is requesting signals not bound to it.

Additionally, this CL adds a Mojo API allowing the seller to indicate when the browser process can request signals, in the case the signals URL is cross-origin to the seller. To get this information, the worklet process requests the script it will run, and parses a special HTTP header to determine what origins it can receive signals from, compares it against the trusted signals URL, and returns whether the origin of the trusted scoring signals URL appears in that list of origins. This needs to be done before the ScoreAd() call, so a new pipe is passed in to handle returning this information, passed in when a seller worklet is constructed.

Bug: 333445540
Change-Id: I9eed83b4dc6f71183ca442b4c4be29d45a454f44
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5996171
Commit-Queue: mmenke <mmenke@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Russ Hamilton <behamilton@google.com>
Cr-Commit-Position: refs/heads/main@{#1382489}

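The origin check the commit message above describes, sketched as an added example (not Chromium's code and not part of the CL). The header's name and value syntax are not given above, so the value is assumed to be a comma-separated list of double-quoted origins; `Origin`, `ParseHttpsOrigin` and `SignalsOriginAllowed` are hypothetical names, and treating a same-origin signals URL as allowed without the header is also an assumption.

```cpp
#include <cctype>
#include <optional>
#include <string>

// Added example, not Chromium code. An origin is (scheme, host, port).
struct Origin {
  std::string scheme, host;
  int port;
  bool operator==(const Origin& o) const
  { return scheme == o.scheme && host == o.host && port == o.port; }
};

// Extracts the origin of an https URL. Non-https URLs, userinfo and IPv6
// literals are rejected rather than parsed, so the caller fails closed.
std::optional<Origin> ParseHttpsOrigin(std::string url) {
  // Lowercasing everything is fine: the path is discarded below.
  for (char& c : url) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  const std::string prefix = "https://";
  if (url.compare(0, prefix.size(), prefix) != 0) return std::nullopt;
  size_t end = url.find_first_of("/?#", prefix.size());
  std::string host = url.substr(prefix.size(), end == std::string::npos ? end : end - prefix.size());
  if (host.find_first_of("@[") != std::string::npos) return std::nullopt;
  int port = 443;  // default https port, so "host" and "host:443" compare equal
  size_t colon = host.find(':');
  if (colon != std::string::npos) {
    std::string p = host.substr(colon + 1);
    if (p.empty() || p.size() > 5 || p.find_first_not_of("0123456789") != std::string::npos)
      return std::nullopt;
    port = std::stoi(p);
    host.resize(colon);
  }
  if (host.empty() || port > 65535) return std::nullopt;
  return Origin{"https", host, port};
}

// Assumed header value format: comma-separated, double-quoted origins.
bool SignalsOriginAllowed(const std::string& script_url, const std::string& signals_url,
                          const std::string& allow_header) {
  auto seller = ParseHttpsOrigin(script_url), signals = ParseHttpsOrigin(signals_url);
  if (!seller || !signals) return false;
  if (*seller == *signals) return true;  // assumption: same-origin needs no opt-in
  for (size_t pos = 0; (pos = allow_header.find('"', pos)) != std::string::npos;) {
    size_t close = allow_header.find('"', pos + 1);
    if (close == std::string::npos) return false;  // unterminated entry: fail closed
    auto entry = ParseHttpsOrigin(allow_header.substr(pos + 1, close - pos - 1));
    if (entry && *entry == *signals) return true;  // exact origin match only
    pos = close + 1;
  }
  return false;
}
```

Matching on the parsed (scheme, host, port) tuple rather than on a string prefix is what keeps a listed `https://kv.example` from also admitting `https://kv.example.evil.test` or a different port on the same host.
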
This directory holds services that:

(a) are not considered part of Chrome's foundation (i.e., //services), or have dependencies which we don't allow in //services (such as content or Blink), and

(b) are entirely consumed by content/ (or exposed via a content/public interface).

If in doubt about where your service belongs, contact services-dev@chromium.org.