-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider dropping the 'trust-token-redemption' feature policy? #106
Comments
+1 for removing this given how some ad tags can be loaded in a cross-origin iframe. |
Any update on this? |
Hi team, any updates on this? |
Thanks for raising this and your patience. Current opt-in model requires sites to explicitly allow iframes for token operations. This is helpful considering there can be at most 2 distinct issuers per top level page. However, your concerns are valid and we are looking for solutions to alleviate the adoption pains for pages and IVT vendors. |
Not asking for review of this yet, but posting here for consideration as part of WICG#106
According to https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit?usp=sharing
However, it is not uncommon the ad tag is loaded inside a cross-origin iframe where the ad tach company has no control of. In some cases, this number can be over 50%. It is not practical to reach out to all affected publishers to add the feature policy to their iframes.
Removing this feature policy should significantly increase the trust token coverage.
The text was updated successfully, but these errors were encountered: