Consider dropping the 'trust-token-redemption' feature policy? #106
Labels
Comments
|
+1 for removing this given how some ad tags can be loaded in a cross-origin iframe. |
|
Any update on this? |
|
Hi team, any updates on this? |
|
Thanks for raising this and your patience. Current opt-in model requires sites to explicitly allow iframes for token operations. This is helpful considering there can be at most 2 distinct issuers per top level page. However, your concerns are valid and we are looking for solutions to alleviate the adoption pains for pages and IVT vendors. |
arichiv
added a commit
to arichiv/trust-token-api
that referenced
this issue
Sep 9, 2024
Not asking for review of this yet, but posting here for consideration as part of WICG#106
This was referenced Sep 9, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
According to https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit?usp=sharing
However, it is not uncommon the ad tag is loaded inside a cross-origin iframe where the ad tach company has no control of. In some cases, this number can be over 50%. It is not practical to reach out to all affected publishers to add the feature policy to their iframes.
Removing this feature policy should significantly increase the trust token coverage.
The text was updated successfully, but these errors were encountered: