From 2b9d21410646401cd42e830f481f0d8b3ba18639 Mon Sep 17 00:00:00 2001 From: Orr Bernstein Date: Mon, 26 Feb 2024 05:58:33 -0800 Subject: [PATCH] Add permissions .well-known endpoint for Protected Audience API WPTs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This .well-known is fetched at the origin of the interest group's owner, and specifies as a URL parameter the origin of frame that's attempting to join or leave that interest group. This is implemented such that the origin of the frame is ignored altogether, and the determination of which operations are allowed depends strictly on the origin of the interest group owner, and specifically on the subdomain of the origin of the interest group owner. wptserve serves each of its two domains at both the raw domain and each of five subdomains. - www: disallows both join and leave - www1: allows join, but not leave - www2: allows leave, but not join - 天気の良い日 / élève: allow both join and leave - anything else (including no subdomain): returns a 404 More information about the permissions endpoint can be found at: https://github.com/WICG/turtledove/blob/main/FLEDGE.md#13-permission-delegation This change depends on https://github.com/web-platform-tests/wpt/pull/44398 to be usable from web platform tests. Change-Id: I34f71c2576183856a770dd1a2307f5502941d219 Bug: 40275797 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5277476 Commit-Queue: Orr Bernstein Reviewed-by: mmenke Cr-Commit-Position: refs/heads/main@{#1265173} --- .../interest-group/permissions/default.py | 8 +++ fledge/tentative/resources/permissions.py | 54 +++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 .well-known/interest-group/permissions/default.py create mode 100644 fledge/tentative/resources/permissions.py diff --git a/.well-known/interest-group/permissions/default.py b/.well-known/interest-group/permissions/default.py new file mode 100644 index 00000000000000..c24531c2f76db5 --- /dev/null +++ b/.well-known/interest-group/permissions/default.py @@ -0,0 +1,8 @@ +"""Endpoint to get interest group cross-origin permissions.""" +from importlib import import_module + +permissions = import_module('fledge.tentative.resources.permissions') + + +def main(request, response): + permissions.get_permissions(request, response) diff --git a/fledge/tentative/resources/permissions.py b/fledge/tentative/resources/permissions.py new file mode 100644 index 00000000000000..eed93c42756b75 --- /dev/null +++ b/fledge/tentative/resources/permissions.py @@ -0,0 +1,54 @@ +"""Methods for the interest group cross-origin permissions endpoint.""" +import json +import re + +from fledge.tentative.resources import fledge_http_server_util + +SUBDOMAIN_WWW = 'www' +SUBDOMAIN_WWW1 = 'www1' +SUBDOMAIN_WWW2 = 'www2' +SUBDOMAIN_FRENCH = 'élève'.encode('idna').decode() +SUBDOMAIN_JAPANESE = '天気の良い日'.encode('idna').decode() +ALL_SUBDOMAINS = [SUBDOMAIN_WWW, SUBDOMAIN_WWW1, SUBDOMAIN_WWW2, + SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE] + +def get_permissions(request, response): + """Returns JSON object containing interest group cross-origin permissions. + + The structure returned is described in more detail at + https://github.com/WICG/turtledove/blob/main/FLEDGE.md#13-permission-delegation. + This correctly handles requests issued in CORS mode. + + This .well-known is fetched at the origin of the interest group's owner, and + specifies as a URL parameter the origin of frame that's attempting to join or + leave that interest group. + + This is implemented such that the origin of the frame is ignored altogether, + and the determination of which operations are allowed depends strictly on the + origin of the interest group owner, and specifically on the subdomain of the + origin of the interest group owner. wptserve serves each of its two domains + at both the raw domain and each of five subdomains. + + - www: disallows both join and leave + - www1: allows join, but not leave + - www2: allows leave, but not join + - 天気の良い日 / élève: allow both join and leave + - anything else (including no subdomain): returns a 404 + """ + if fledge_http_server_util.handle_cors_headers_and_preflight(request, response): + return + + first_domain_label = re.search(r"[^.]*", request.url_parts.netloc).group(0) + if first_domain_label not in ALL_SUBDOMAINS: + response.status = (404, b"Not Found") + response.content = "Not Found" + return + + response.status = (200, b"OK") + response.headers.set(b"Content-Type", b"application/json") + response.content = json.dumps({ + "joinAdInterestGroup": first_domain_label in [ + SUBDOMAIN_WWW1, SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE], + "leaveAdInterestGroup": first_domain_label in [ + SUBDOMAIN_WWW2, SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE], + })