WICG · linnan-github · Apr 18, 2023 · Apr 5, 2023 · Apr 5, 2023 · Apr 5, 2023
diff --git a/app_to_web.md b/app_to_web.md
@@ -44,11 +44,16 @@ sequenceDiagram
 ```
 See Android's [Attribution reporting: cross app and web measurement proposal](https://developer.android.com/design-for-safety/privacy-sandbox/attribution-app-to-web) for one example of an OS API that a browser can integrate with to do cross app and web measurement.
 
-The existing API involves sending requests to the reporting origin to register events. These requests will have a new request header `Attribution-Reporting-Eligible`. On requests with this header, the browser will additionally broadcast possible OS-level support for attribution to the reporting origin’s server via a new [dictionary structured request header](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-header-structure-15#section-3.2):
+The existing API involves sending requests to the reporting origin to register events. These requests will have a new request header `Attribution-Reporting-Eligible`. On requests with this header, the browser will additionally broadcast possible web or OS-level support for attribution to the reporting origin’s server via a new [dictionary structured request header](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-header-structure-15#section-3.2):
 ```
 Attribution-Reporting-Support: os, web
 ```
 
+Note that if there is neither web nor OS-level support for attribution, no
+background requests will be made and the browser will not set
+`Attribution-Reporting-Eligible` header on `<a>`, `window.open`, `<img>`, and
+`<script>` requests.
+
 For subresource requests without the `Attribution-Reporting-Eligible` header,
 the server can optionally respond to the request with a [boolean structured header](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-header-structure-15#section-3.3.6):
 ```http

diff --git a/header-validator/data.trigger.js b/header-validator/data.trigger.js
@@ -12,6 +12,7 @@ export const testCases = [
         "filters": {"x": []},
         "not_filters": {"y": []}
       }],
+      "aggregatable_source_registration_time": "include",
       "aggregatable_trigger_data": [{
         "filters": {"a": ["b"]},
         "key_piece": "0x1",
@@ -527,4 +528,21 @@ export const testCases = [
       msg: "must match 'aws-cloud' (case-sensitive)",
     }],
   },
+
+  {
+    name: "aggregatable-source-registration-time-wrong-type",
+    json: `{"aggregatable_source_registration_time": 1}`,
+    expectedErrors: [{
+      path: ["aggregatable_source_registration_time"],
+      msg: "must be a string",
+    }],
+  },
+  {
+    name: "aggregatable-source-registration-time-unknown-value",
+    json: `{"aggregatable_source_registration_time": "EXCLUDE"}`,
+    expectedErrors: [{
+      path: ["aggregatable_source_registration_time"],
+      msg: "must match 'exclude' or 'include' (case-sensitive)",
+    }],
+  },
 ];
diff --git a/header-validator/validate-json.js b/header-validator/validate-json.js
@@ -301,6 +301,15 @@ const aggregatableDedupKeys = list(
       not_filters: optional(filters()),
     }))
 
+const aggregatableSourceRegistrationTime = string((state, value) => {
+  const exclude = 'exclude'
+  const include = 'include'
+  if (value === exclude || value === include) {
+    return
+  }
+  state.error(`must match '${exclude}' or '${include}' (case-sensitive)`)
+})
+
 export function validateTrigger(trigger) {
   const state = new State()
   state.validate(trigger, {
@@ -313,6 +322,7 @@ export function validateTrigger(trigger) {
     filters: optional(orFilters),
     not_filters: optional(orFilters),
     aggregatable_deduplication_keys: optional(aggregatableDedupKeys),
+    aggregatable_source_registration_time : optional(aggregatableSourceRegistrationTime),
   })
   return state.result()
 }