Remove ar_debug requirement for cookie-based debug reporting

WICG/attribution-reporting-api#1441 Bug: 369506940, 330745162 Change-Id: I1dfc23f96e9d7a594c23114ad707ceffcde1161e
web-platform-tests · Oct 15, 2024 · 8a73e5a · 8a73e5a
1 parent 9c76757
commit 8a73e5a
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 36 deletions.
diff --git a/attribution-reporting/aggregatable-report-no-contributions.sub.https.html b/attribution-reporting/aggregatable-report-no-contributions.sub.https.html
@@ -14,7 +14,6 @@
 
   registerAttributionSrcByImg(createRedirectChain([
     {
-      cookie: attributionDebugCookie,
       source: {
         aggregation_keys: {
           campaignCounts: '0x159',

diff --git a/attribution-reporting/resources/helpers.js b/attribution-reporting/resources/helpers.js
@@ -35,8 +35,6 @@ const verboseDebugReportsUrl =
 const aggregatableDebugReportsUrl =
     '/.well-known/attribution-reporting/debug/report-aggregate-debug';
 
-const attributionDebugCookie = 'ar_debug=1;Secure;HttpOnly;SameSite=None;Path=/';
-
 const pipeHeaderPattern = /[,)]/g;
 
 // , and ) in pipe values must be escaped with \
@@ -86,7 +84,7 @@ const redirectReportsTo = origin => {
     ]);
 };
 
-const getFetchParams = (origin, cookie) => {
+const getFetchParams = (origin) => {
   let credentials;
   const headers = [];
 
@@ -95,25 +93,10 @@ const getFetchParams = (origin, cookie) => {
   }
 
   // https://fetch.spec.whatwg.org/#http-cors-protocol
-
-  const allowOriginHeader = 'Access-Control-Allow-Origin';
-
-  if (cookie) {
-    credentials = 'include';
-    headers.push({
-      name: 'Access-Control-Allow-Credentials',
-      value: 'true',
-    });
-    headers.push({
-      name: allowOriginHeader,
-      value: `${location.origin}`,
-    });
-  } else {
-    headers.push({
-      name: allowOriginHeader,
-      value: '*',
-    });
-  }
+  headers.push({
+    name: 'Access-Control-Allow-Origin',
+    value: '*',
+  });
   return {credentials, headers};
 };
 
@@ -127,7 +110,7 @@ const createRedirectChain = (redirects) => {
   let redirectTo;
 
   for (let i = redirects.length - 1; i >= 0; i--) {
-    const {source, trigger, cookie, reportingOrigin} = redirects[i];
+    const {source, trigger, reportingOrigin} = redirects[i];
     const headers = [];
 
     if (source) {
@@ -144,10 +127,6 @@ const createRedirectChain = (redirects) => {
       });
     }
 
-    if (cookie) {
-      headers.push({name: 'Set-Cookie', value: cookie});
-    }
-
     let status;
     if (redirectTo) {
       headers.push({name: 'Location', value: redirectTo.toString()});
@@ -169,7 +148,6 @@ const registerAttributionSrcByImg = (attributionSrc) => {
 const registerAttributionSrc = ({
   source,
   trigger,
-  cookie,
   method = 'img',
   extraQueryParams = {},
   reportingOrigin,
@@ -200,14 +178,9 @@ const registerAttributionSrc = ({
     });
   }
 
-  if (cookie) {
-    const name = 'Set-Cookie';
-    headers.push({name, value: cookie});
-  }
-
   let credentials;
   if (method === 'fetch') {
-    const params = getFetchParams(reportingOrigin, cookie);
+    const params = getFetchParams(reportingOrigin);
     credentials = params.credentials;
     headers = headers.concat(params.headers);
   }

diff --git a/attribution-reporting/simple-verbose-debug-report.sub.https.html b/attribution-reporting/simple-verbose-debug-report.sub.https.html
@@ -11,7 +11,6 @@
 
   registerAttributionSrcByImg(createRedirectChain([
     {
-      cookie: attributionDebugCookie,
       trigger: {
         debug_reporting: true,
         debug_key: expectedTriggerDebugKey,