New Shared Storage features in M135: Custom data origin in createWorklet
Kasper Kulikowski
Hey all,
We're introducing updates to the Shared Storage API in M135, enabling you to set a custom data origin in calls to createWorklet().
In M130 we added the dataOrigin property to the createWorklet() call to allow reading and writing to a shared storage data partition that is different from the invoking browsing context. dataOrigin can be set to context-origin or script-origin. As of M135 you can also set dataOrigin to be the URL of a custom data origin.
sharedStorage.createWorklet(scriptUrl,
{ dataOrigin: "https://custom-data-origin.example" });
When using a custom data origin, the data is stored in the Shared Storage of the defined origin. The script endpoint has to respond with the header Shared-Storage-Cross-Origin-Worklet-Allowed and CORS should be enabled.
Consent from the custom data origin owner is also required. The owner must host a JSON file at /.well-known/shared-storage/trusted-origins listing the scriptOrigin and contextOrigin combinations that are allowed to process their Shared Storage data. Both scriptOrigin and contextOrigin can be either a string or an array.
[{
"scriptOrigin": "https://cdn-ad.example",
"contextOrigin": "https://publisher.example"
}]
The Shared Storage Implementation documentation has been updated to reflect these changes and provide further guidance on using custom data origins.
If you have any questions or comments, reply to this post or open an issue in the Privacy Sandbox Dev Support repository on GitHub.