Add SDK integration doc for inabox. #23272
Conversation
ads/inabox/inabox-host.md
Outdated
| # SDK integration for AMPHTML ad | ||
| One goal of AMPHTML ad is for advertisers to create once and use every where. |
ads/inabox/inabox-host.md
Outdated
| This term describes the situation that an AMPHTML ad is being served | ||
| on an non-AMP page inside an iframe embed or in a WebView for native | ||
| mobile apps. This is very different from how AMPHTML ad gets rendered |
ads/inabox/inabox-host.md
Outdated
| on an non-AMP page inside an iframe embed or in a WebView for native | ||
| mobile apps. This is very different from how AMPHTML ad gets rendered | ||
| on an AMP page, as in which case, more sources sharing between the |
ads/inabox/inabox-host.md
Outdated
|
|
||
| ###### friendly iframe | ||
| An iframe on the host page that has the same origin, so that it has |
There was a problem hiding this comment.
"An iframe with the same origin as the host page"
ads/inabox/inabox-host.md
Outdated
| full access to the host page content. | ||
|
|
||
| ###### foreign iframe |
ads/inabox/inabox-host.md
Outdated
|
|
||
| In the 2nd step, if the ad is generated by a 3rd party, it's a good | ||
| idea to run it through an AMP validator to make sure it is valid AMP. |
There was a problem hiding this comment.
In cases where the ad network is relying on AMPHTML being trustworthy, running the ad through the validator is more than a good idea!
ads/inabox/inabox-host.md
Outdated
| `https://cdn.ampproject.org/rtv/{version}/amp4ads-host-v0.js` | ||
| 1. Before host script is loaded, ads tag is still responsible to queue | ||
| up all coming AMP messages into a global array. |
ads/inabox/inabox-host.md
Outdated
| corresponding host script: | ||
| `https://cdn.ampproject.org/rtv/{version}/amp4ads-host-v0.js` | ||
| 1. Before host script is loaded, ads tag is still responsible to queue |
There was a problem hiding this comment.
to queue -> for queuing
| join us to serve and render AMPHTML ad in various environment, for | ||
| example regular web & native mobile apps. | ||
|
|
There was a problem hiding this comment.
Mention server-side rendering somewhere?
There was a problem hiding this comment.
Hesitated to do so... given it's not really standardized at this moment. It makes quite lot assumption with AMP runtime. There is an on-going effort to open-source some SSR for regular AMP doc. But I don't think it's that ready yet, as nothing about amp4ads is covered.
There was a problem hiding this comment.
I think it's worth mentioning that this is in progress, and that if you're looking at serving inabox you should get in touch with the project. Without SSR performance is pretty bad.
There was a problem hiding this comment.
added a section for Server side rendering
ads/inabox/inabox-host.md
Outdated
| full access to the host page content. | ||
|
|
||
| ###### foreign iframe |
ads/inabox/inabox-host.md
Outdated
|
|
||
| ###### friendly iframe | ||
| An iframe on the host page that has the same origin, so that it has |
ads/inabox/inabox-host.md
Outdated
|
|
||
| In the 2nd step, if the ad is generated by a 3rd party, it's a good | ||
| idea to run it through an AMP validator to make sure it is valid AMP. |
ads/inabox/inabox-host.md
Outdated
| `https://cdn.ampproject.org/rtv/{version}/amp4ads-host-v0.js` | ||
| 1. Before host script is loaded, ads tag is still responsible to queue | ||
| up all coming AMP messages into a global array. |
ads/inabox/inabox-host.md
Outdated
| corresponding host script: | ||
| `https://cdn.ampproject.org/rtv/{version}/amp4ads-host-v0.js` | ||
| 1. Before host script is loaded, ads tag is still responsible to queue |
ads/inabox/inabox-host.md
Outdated
| communicate to the host page via postMessage API. | ||
|
|
||
| ## Web SDK (ads tag) integration |
| join us to serve and render AMPHTML ad in various environment, for | ||
| example regular web & native mobile apps. | ||
|
|
There was a problem hiding this comment.
Hesitated to do so... given it's not really standardized at this moment. It makes quite lot assumption with AMP runtime. There is an on-going effort to open-source some SSR for regular AMP doc. But I don't think it's that ready yet, as nothing about amp4ads is covered.
| join us to serve and render AMPHTML ad in various environment, for | ||
| example regular web & native mobile apps. | ||
|
|
There was a problem hiding this comment.
I think it's worth mentioning that this is in progress, and that if you're looking at serving inabox you should get in touch with the project. Without SSR performance is pretty bad.
ads/inabox/inabox-host.md
Outdated
| 1. Add [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) | ||
| rules to the ad response to 1) only load JS files from trusted AMP | ||
| CDN; 2) disallow iframe embed. |
There was a problem hiding this comment.
If you look on a page with GPT you can see Google is currently using:
<meta http-equiv="Content-Security-Policy" content="script-src https://cdn.ampproject.org/;object-src 'none';child-src blob:;frame-src 'none'">
Why not recommend that here? If you're not careful, for example, you can break amp-bind by not allowing workers to be loaded from blobs.
See #21681 where I proposed AMP recommend this CSP.
ads/inabox/inabox-host.md
Outdated
| CDN; 2) disallow iframe embed. | ||
| 1. Validate the AMPHTML ad using an AMP validator. There is an open | ||
| source JS implementation for the validator. But for performance reason |
ads/inabox/inabox-host.md
Outdated
| ###### Security assurance | ||
| In case that the AMPHTML ad is generated by a 3rd party, to ensure it's | ||
| secure to put it in a friendly iframe, the following 2 enforcements |
There was a problem hiding this comment.
"enforcements" -> "restrictions" or "protections"
ads/inabox/inabox-host.md
Outdated
| host script is to be loaded in that case to fulfill the requirements. | ||
|
|
||
| Main work flow: |
* Add SDK integration doc for inabox. * Update * address comments * Fix presumit check * Updates
* Add SDK integration doc for inabox. * Update * address comments * Fix presumit check * Updates
/cc @zombifier (can't add you to reviewer for some reason).