Type of issue

feature request

Description

Bid adapters (and other relevant modules) may want the ability to be able to read partitioned (CHIPS) cookies within their prebid code to perform some logic based on the state of the cookie. From my understanding, these partitioned cookies will not be directly accessible from within a document.cookie call within prebid.js (as prebid typically lives within the publisher domain layer). Another means would be needed to help provide the information to prebid.

In briefly discussing with @dgirardi, one approach could be to development a framework that would allow prebid to receive postmessage requests from recognized iframe sources to pass-in information that's normally only available from within a third party domain-space (like these partitioned cookies, as well as the recently supported Topics data). Given the partial setup that was given to accessing Topics data for Prebid, the framework could be extended/generalized for additional types of data. Or something new could be designed from scratch that would have potential expansion in mind along with a standardized message contract to communicate with Prebid.js.

Other approaches may be out there, if anyone is aware - please share here so we can make this proposal better.

Browser feature reference:
https://developers.google.com/privacy-sandbox/3pcd/chips
https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies

The sync frames might be an opportunity here, you could listen for a postmessage from your own sync frame.

Generally, I am concerned about people doing other things in the frame. Is there an automatic way prebid.js could validate the frame contents?

Ideally, we'd want to obtain the partitioned cookie's value as early as possible, before the auction request. Unless it'd be okay to store the value in local storage to obtain later (assuming user permissions, etc) so that we could check the value in local storage later - then I could see the user sync frame as a possible option we could explore internally.

I'm unsure of an automated way to validate the contents - we could keep the code unminified so that it's directly open for people to see. Is there a similar verification mechanism for the Prebid.js topics' HTML files that we could replicate here?

One proposal is to allow publishers to configure a bid adapter to expedite the iframe sync pixel and interact with it via postmessage. Would that solve your need?

You have the chips cookies in your headers to your endpoint request, and your response could potentially include any lookups of values related, either in your bid or submitted auction config for paapi

For info only - state of CHIPS proposal might be worth considering.

I suggest waiting until August and the position of CHIPS following the next iteration of the CMA/ICO reporting cycle as the model might change. See 26th April report and section on CHIPS.

85. Google needs to resolve our concerns for CHIPS and our current view is that this should involve taking the following steps:
(a) Ensure that the ability of publishers to offer single sign-in services via authenticated embeds is preserved, especially during the transition period where stakeholders (including and especially non-ad tech stakeholders) may experience significant overheads in maintaining support for both old and new methods.
(b) Ensure that CHIPS is implemented with sufficient memory to enable third-party applications relied upon by publishers.
(c) Help mitigate costs for stakeholders who have to maintain parallel stacks in the lead up to third-party cookie deprecation.
(d) Work towards a consistent cross-browser implementation of Storage Access API where it affects CHIPS users.