Possibility to execute document.browsingTopics() for a script HTML tag #239
Comments
|
Thanks for the feedback. From a security perspective, this isn't possible. Each document and its execution environment are associated with a single origin, that of the document. Third-party subresources loaded and executed within that same environment are considered to be owned by the origin of the document. This is to prevent unconsented data leakage from one origin to another. |
We've found it is fine, just delay the insertion until the main thread isn't busy. |
|
An alternative is to provide a Edit: To make it clear what I'm talking about, the |
It is not possible to get topic API datas using
document.browsingTopics()without using a non-friendly iframe context. It means a Javascript file https://example.com/getTopicAPIDatas.js even if the URL where the file is hosted was whitelisted after an enrollment, won't be able to executedocument.browsingTopics(). Adding a non-friendly iframe that would target "https://example.com/getTopicAPIDatas.js" could have impacts on loading time of the web page or current script executions and therefore won't be the best solution.Would it be possible to whitelist host/files that would allow javascript tags integrated directly on web pages to get topic API datas ?
Example: Considering a website "website.com" writing a javascript tag (
<script src="https://example.com/getTopicAPIDatas.js">) and https://example.com is whitelisted/enrolled, https://example.com/getTopicAPIDatas.js would be able to executedocument.browsingTopics().The text was updated successfully, but these errors were encountered: