Explain credentials on automatic beacons until 3PCD (#884)

* Add description of credentials on automatic beacons * apply Shivani's edit --------- Co-authored-by: Paul Jensen <[email protected]>
WICG · Nov 9, 2023 · a2e5716 · a2e5716
1 parent 674bdac
commit a2e5716
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/Fenced_Frames_Ads_Reporting.md b/Fenced_Frames_Ads_Reporting.md
@@ -262,6 +262,8 @@ window.fence.setReportEventDataForAutomaticBeacons({
 });
 ```
 
+When 3rd party cookies are enabled, automatic beacon requests only (not beacons sent manually through `reportEvent`) allow credentials (cookies) to be set in headers. This was requested by https://github.com/WICG/turtledove/issues/866 in order to help with migration and ARA debugging. These requests are subject to CORS and only occur after opt-in by virtue of calling the `setReportEventDataForAutomaticBeacons` API.
+
 #### Enrollment Requirement
 The reporting destination URL registered by `setReportEventDataForAutomaticBeacons` is required to have its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) attested for Protected Audience API, otherwise the automatic beacon is not allowed to be sent to this reporting destination. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model).