I2I: Run 3p service scripts in AMP (original) (raw)

Summary

The AMP team decided to restrict all cross domain iframe running in the background. To allow 3p service providers to run their scripts in AMP document, we propose a workaround to run all 3p scripts in a web worker.

This is different from <amp-script> in two ways. 1. No DOM access or DOM change. 2. Scripts must come from publishers trusted service providers. (Provided by an AMP component)

The following proposal serves as a workaround. It is still recommended that 3p service integrate with AMP as first party AMP component.

Design document

image

ScriptRunner Service

run(scriptUrl) {
  // The service will import and run script in the web worker
}

send(type, data) {
  // send data to the worker. ScriptRunner handles msg buffering before the worker is up.
}

listen(type, listener) {
  // register listener
}

It’s up to the 3P AMP component to define the communication API between its AMP component and the web worker via the listen and send method.

Worker Initialization & Termination

The Worker will be created lazily when ScrptRunner.run() is called the first time.
Messages from AMP to the worker will be buffered for a certain time before the worker has been created.
The worker will remain alive. But AMP runtime may choose to terminate it after a certain timeout.

Multiple scripts

Only one web worker will be created for all 3rd party scripts to share.

Security Concern

We'll need to sandbox the web worker. (e.g. dereferencing Worker globals)

Based on the feedback from the security review. We need to place the web worker within a sandboxed cross origin iframe. The iframe will serve as a proxy to post messages between AMP and the web worker.

To be discussed: Given the sandbox iframe, do we still need to sandbox the web worker? (e.g fetching scripts)

AMP Analytics Integration

There's a request to feed the web worker with data from <amp-analytics>. We think this is reasonable and propose a new transport method worker (name tbd) to <amp-analytics>

Motivation

The Permutive needs to run their scripts to calculate <amp-ad> JSON config on the client side. While they're willing to introduce a <amp-permutive> component, they can't generalize their publisher based solution. #28095

Similar to why we introduce <amp-script>. Being able to run a small piece of their scripts may unblock more service providers from integrating to AMP.

Additional context

Some 3P service providers integrates with AMP via running their scripts in an iframe. This has been discussed in Design Review #28471. AMP will no longer allow cross domain iframe running in the background (e.g. <amp-pinterest> is allowed because there's content) unless an exception has been made with review.

Launch tracker

/cc @ampproject/wg-approvers @joshfg