Cloudflare ad network example#6882
Conversation
keithwrightbos
left a comment
There was a problem hiding this comment.
I'd prefer to wait to review this until #6884 has been merged.
|
Can we still get them in same release? |
|
Very likely, next canary cut should be Wednesday of next week.
…On Thu, Jan 5, 2017 at 9:24 AM dknecht ***@***.***> wrote:
Can we still get them in same release?
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#6882 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABr0Lzj0eC252RjT9NGOvNahDr4n_3V8ks5rPP0qgaJpZM4LbPPe>
.
|
2a5aa26 to
d2347d0
Compare
| export const a4aRegistry = map({ | ||
| 'adsense': adsenseIsA4AEnabled, | ||
| 'doubleclick': doubleclickIsA4AEnabled, | ||
| 'cloudflare': cloudflareIsA4AEnabled, |
There was a problem hiding this comment.
This should only be enabled in dev mode, right?
There was a problem hiding this comment.
We will be having some production demos so would like to keep enabled.
d2347d0 to
026eae1
Compare
|
I got the lint and type check errors out of the way, but I see a dist timeout. Is that an intermittent error? |
026eae1 to
a6ad0c1
Compare
|
I noticed that #6884 was closed. Are you planning to use this PR to include the triplelift A4A implementation? If so, can you address my review comments in the original PR? |
|
I think I've addressed all your comments from the triple lift implementation. This won't include the triple lift implementation, but hopefully, it will inform them of changes necessary to have a clean submission. I'll be adding in tests this coming week. |
| import {dev} from '../../../src/log'; | ||
|
|
||
|
|
||
| // Header that will contain Cloudflare generated signature |
There was a problem hiding this comment.
| * @param {!Element} element | ||
| */ | ||
| /* | ||
| constructor(element) { |
There was a problem hiding this comment.
I wanted this file to serve as an example starting point for other implementations. Since many of them actually will need initialization, I've included most of the boilerplate here for guidance/convenience and given instructions to remove this in actual implementations. If you have a strong preference, I'm fine with removing this.
There was a problem hiding this comment.
Is this blocking the merge? If so, I will remove this.
There was a problem hiding this comment.
I agree with @keithwrightbos . let's remove. we can make the fake-impl as a template.
| // const rect = this.getIntersectionElementLayoutBox(); | ||
| // can extract the layout size and be used to pass layout hints to the server. | ||
|
|
||
| // Be sure that this doesn't allow the generation of ANY url, since it could |
There was a problem hiding this comment.
How/when do you plan to add checks?
| * Extract creative and signature from a Cloudflare signed response. | ||
| * | ||
| * Note: Invalid A4A content will NOT have a signature, which will automatically | ||
| * cause the A4A processing to fall through to the 3p ad flow. |
There was a problem hiding this comment.
Note that lack of signature does not actually cause the 3p ad flow to be used where a xdomain iframe is created in which custom JS executes to generate an ad request. Instead, it will take the creative given and render it directly within a cross domain frame using either network cache (if Android) or safeframe (if iOS).
| // check for an explicit attribute to enable A4A processing. | ||
| // This could be just true, if all ads from this network are A4A, or any | ||
| // other logic based upon configuration, client settings, etc. | ||
| return !!element.getAttribute('data-a4a'); |
There was a problem hiding this comment.
Could add check for src attribute existence
41689cc to
a500b3d
Compare
|
I've added tests and made the most recently requested changes. Let me know if you'd like anything else. I'd like this to be a clean template for future implementers to start with to integrate Cloudflare ad signing. |
|
cc / @keithwrightbos |
|
Can you explain why it is necessary to create a completely separate extension from the fake-impl? Why not just allow for fake-impl to extract its signing services via an element attribute? |
|
Sorry I'm late to this conversation. Just so I'm clear: Is Cloudflare providing an ad network service? Or only a signing service for other ad networks (e.g., TripleLift)? |
| // be sure that this only generates urls to valid hosts, since it could | ||
| // allow cookie leaks, etc. | ||
|
|
||
| return CLOUDFLARE_BASE_URL + this.element.getAttribute('src'); |
There was a problem hiding this comment.
Since the 'src' attribute is publisher-controlled, is there a possibility for hostile content injection here? Would it be feasible to uriEncode the src?
|
@tdrl @keithwrightbos We are providing a signing service, but would like to be able to do a full working demo to help make educating potential users easier. We will use for PSA on our blog's amp content. |
|
And you feel that modifying fake as suggested would be insufficient? I'm concerned about making several extensions that will never actually be used. @jridgewell your thoughts? |
|
This is more a question for @lannka or @cramforce. |
build-system/server.js
Outdated
| */ | ||
| var BBPromise = require('bluebird'); | ||
| var app = require('express')(); | ||
| var express = require('express'); |
There was a problem hiding this comment.
I had worked around needing this, so this change is no longer needed. I'm removing it.
| * @param {!Element} element | ||
| */ | ||
| /* | ||
| constructor(element) { |
There was a problem hiding this comment.
I agree with @keithwrightbos . let's remove. we can make the fake-impl as a template.
|
I don't believe the fake-impl can be used in production. |
|
I think having such demo code makes sense at this stage to help mature the content. Lets proceed with regular review. |
5e123aa to
2b4316e
Compare
|
@keithwrightbos are we good to go? We are talking with @jasti about ways to remove in the future. |
|
|
||
| import {AmpAdNetworkCloudflareImpl} from '../amp-ad-network-cloudflare-impl'; | ||
| import { | ||
| AmpAdUIHandler, // eslint-disable-line no-unused-vars |
| // be sure that this only generates urls to valid hosts, since it could | ||
| // allow cookie leaks, etc. | ||
|
|
||
| return CLOUDFLARE_BASE_URL + encodeURI(this.element.getAttribute('src')); |
There was a problem hiding this comment.
Needs to be encodeURI, since this is meant to be the continuation of the URL, to support path references, etc.
| * @type {string} | ||
| * @private | ||
| */ | ||
| //const CLOUDFLARE_BASE_URL = 'http://www.mycloudflaredomain.com/_a4a'; |
There was a problem hiding this comment.
can we remove this and merge JsDoc into the other one?
| * @private | ||
| */ | ||
| const CLOUDFLARE_BASE_URL = | ||
| '/extensions/amp-ad-network-cloudflare-impl/0.1/data'; |
There was a problem hiding this comment.
we can use simple string like: /cloudflare/a4a-data
There was a problem hiding this comment.
This follows the pattern from the fake impl to locate test data, so this represents the path to the test data folder.
build-system/server.js
Outdated
| * Handle CORS headers | ||
| */ | ||
| app.use(cloudflareDir, function fakeCors(req, res, next) { | ||
| res.setHeader("Access-Control-Allow-Methods", "GET,OPTIONS"); |
There was a problem hiding this comment.
can we reuse the existing method assertCors?
build-system/server.js
Outdated
| /** | ||
| * Handle fake data | ||
| */ | ||
| app.get(cloudflareDir + '/*', function(req, res) { |
There was a problem hiding this comment.
can we reuse the existing code at line 543?
you do:
app.get([doubleclickPath, cloudflarePath], function(req, res) {
}
There was a problem hiding this comment.
This one is different, since it has different header handling than the fake one.
There was a problem hiding this comment.
is X-AmpAdSignature the only difference ? we can add it to that method.
build-system/server.js
Outdated
| /** | ||
| * Handle CORS preflight | ||
| */ | ||
| app.options(cloudflareDir + '/*', function(req, res) { |
There was a problem hiding this comment.
are we able to merge this into the previous CORS handler?
2b4316e to
7f695ab
Compare
|
The test failure only occurred after rebasing on master. I'm pretty sure we didn't do anything that would have changed that test result. Also, it looks like timing could affect the test results. |
|
Restarted the test. You can always force-push a new git-sha to get a new run. Apologies for the flaky test. |
build-system/server.js
Outdated
| assertCors(req, res, ['GET', 'OPTIONS'], ['X-AmpAdSignature']); | ||
|
|
||
| if (req.method=='OPTIONS') { | ||
| res.status(204); |
7f695ab to
1a71d1e
Compare
1a71d1e to
6d41ed3
Compare
|
@lannka I think I implemented all changes from your review. |
* Local debug server changes to fake Cloudflare signing. * Changes to support a new A4A ad network with Cloudflare Signing
* Local debug server changes to fake Cloudflare signing. * Changes to support a new A4A ad network with Cloudflare Signing
For issue #6881
This adds example code for implementing an ad network that uses the Cloudflare A4A signing service.