TODO (5822B)
1 Need tests for (likely not a complete list): 2 3 * Test how InterestGroup values affected by k-anon checks are passed to generateBid. 4 * adSizes, sizeGroups, ads, and adComponents all need such tests. 5 * adSizes and sizeGroups currently have no tests, since they are incorectly 6 currently not passed to generateBid at all. 7 * Test empty ads array: 8 Maybe simplest to test its numBids is empty? Hard to test a script isn't run. 9 * directFromSellerSignals. 10 * The expected order when both responses use the same ad slot is currently 11 undefined. However, we are in the process of resolving this matter by 12 implementing a LIFO approach, as outlined in progress at 13 crrev.com/c/4930438. Once this solution is in place, a test case will be 14 created by fetching two different URLs with signals that share the same 15 ad slot. 16 * After adding new test cases for the component auction, test the 17 directFromSellerSignals function with component auctions. Consider to 18 set up one auction in the top frame and two component auctions. Send 19 three fetch requests to retrieve three different AdAuctionSignals 20 headers. Ensure that you use three different seller origins for the 21 auctions and a different one for the buyer origin. 22 * All generateBid() and scoreAd() input parameters. 23 * All interest group fields (passed to auction, have effect on auction). 24 Very few fields covered. 25 Should be sure to cover buyerAndSellerReportingId and buyerReportingId for 26 component ads, as they should not be settable. 27 Already covered: 28 Validation when joining/leaving interest group. 29 renderURL and metadata for component ads (only integers covered, but 30 probably not worth covering all types, if we have coverage for the 31 main renderURL). 32 * Filtering/prioritization (including bidding signals influencing priorities) 33 * Size restrictions / ad and component ad sizes. 34 * additionalBids. 35 * adCost. 36 * bidCurrency. 37 * modellingSignals. 38 * Updates (both after auction and triggered). 39 * All auctionConfig parameters (including invalid auctionConfigs, and ones 40 with no buyers). 41 * Joining interest group with duration of 0 should just leave the IG (not 42 currently guaranteed to work, due to potential time skew between processes). 43 * Multiple buyers. 44 * Multiple interest groups with same owner. 45 * Multiple frame tests (including loading component 46 ad URNs in fenced frames of other frames, etc) 47 * adAuctionConfig passed to reportResult(). 48 * Component auctions. 49 * Including cross-origin sellers. 50 * Timeouts (seller timeout, buyer timeout, reporting timeout). 51 * browserSignals fields in scoring/bidding methods. 52 * In reporting methods, browserSignals fields: topLevelSeller, 53 componentSeller, modifiedBid, adCost, madeHighestScoringOtherBid 54 (with interest group from another origin). 55 * Loading ads in iframes. 56 * In fencedframes window.fence.setReportEventDataForAutomaticBeacons() 57 * Automatic beacons (e.g., reserved.top_navigation) 58 * Network timeouts. 59 * Validate specific escaping behavior logic (still under discussion). There 60 are a number of different rules for which characters are escaped, and 61 whether spaces are escaped as "%20" or "+". 62 * Reports not sent if ad not used. 63 * Interactions with local network access API, which requires public 64 networks to send CORS preflights for requests made over local networks. 65 Needs testing with public publisher pages running auctions with 66 sellers / buyers / update URLs on local networks. 67 * Calling FLEDGE APIs (or at least leaveAdInterestGroup() with no args) 68 in a non-ad FencedFrame. 69 * Promise AuctionConfig parameters 70 * Test network requests in terms of fetch behavior 71 * Network partition (not yet specced). 72 * Test that await is not needed for same-origin interest groups 73 * Verify that's still in the spec/explainer first. 74 * executionMode 75 * Including cross-origin join/leave behavior with "group-by-origin" mode. 76 * Make sure state is not shared. 77 * Across scoreAd() / generateBid() calls, and with report calls. 78 * In "group-by-origin" execution mode across IGs joined from different 79 origins, and between generateBid() and reportWin(). 80 * Test Content-Type headers allowed in responess for script/wasm/JSON fetches. 81 * Test WASM support, updating createBiddingWasmHelperURL(). 82 * Remaining interest group updates. 83 * Check that an update with one valid field and one invalid one fails. 84 * Test that an update works if owner and/or name match those in the interest group. 85 * Test updating the update URL and bidding script URL so they are all the 86 same origin (requires updating test fixture to handle multiple updates). 87 * Test when Ads is null. 88 * Test updating a cross origin interest group. 89 * Test fields that are updatable but do not make it to 'generateBid'. 90 If possible: 91 * Aggregate reporting. 92 * Join/leave permission delegation via .well-known files 93 * Including tests for clearOriginJoinedInterestGroups(). 94 * Include tests for HTTP-y/fetch-y things (e.g., whether they have cookies) 95 * k-anonymity. 96 * Signals request batching. This is an optional feature, so can't require it, 97 but maybe a test where batching could be used, and make sure things work, 98 whether batching is used or not? 99 * reporting timeout being 0. 100 * Test input with invalid https origin in web platform tests for both trusted bidding 101 and scoring signals coordinators. 102 * Test selectable buyer and seller reporting ids with k-anonymity enforcement. 103 * Test that service workers cannot see update urls. 104 * This was attempted in [here](https://chromium-review.googlesource.com/c/chromium/src/+/5512083), 105 but needed to be reverted because it kept timing out, [see here](https://g-issues.chromium.org/issues/339048485)