diff --git a/crates/common/README.md b/crates/common/README.md index 2dd2423..4fa5fad 100644 --- a/crates/common/README.md +++ b/crates/common/README.md @@ -51,8 +51,8 @@ Behavior is covered by an extensive test suite in `crates/common/src/creative.rs - `synthetic.rs` generates a deterministic synthetic identifier per user request and exposes helpers: - `generate_synthetic_id` — creates a fresh HMAC-based ID using request signals. - - `get_synthetic_id` — extracts an existing ID from the `X-Synthetic-Trusted-Server` header or `synthetic_id` cookie. + - `get_synthetic_id` — extracts an existing ID from the `x-psid-ts` header or `synthetic_id` cookie. - `get_or_generate_synthetic_id` — reuses the existing ID when present, otherwise creates one. -- `publisher.rs::handle_publisher_request` stamps proxied origin responses with `X-Synthetic-Fresh`, `X-Synthetic-Trusted-Server`, and (when absent) issues the `synthetic_id` cookie so the browser keeps the identifier on subsequent requests. +- `publisher.rs::handle_publisher_request` stamps proxied origin responses with `X-Synthetic-Fresh`, `x-psid-ts`, and (when absent) issues the `synthetic_id` cookie so the browser keeps the identifier on subsequent requests. - `proxy.rs::handle_first_party_proxy` replays the identifier to third-party creative origins by appending `synthetic_id=` to the reconstructed target URL, follows redirects (301/302/303/307/308) up to four hops, and keeps downstream fetches linked to the same user scope. - `proxy.rs::handle_first_party_click` adds `synthetic_id=` to outbound click redirect URLs so analytics endpoints can associate clicks with impressions without third-party cookies. diff --git a/crates/common/src/constants.rs b/crates/common/src/constants.rs index 9715728..775ed11 100644 --- a/crates/common/src/constants.rs +++ b/crates/common/src/constants.rs @@ -3,8 +3,7 @@ use http::header::HeaderName; pub const HEADER_SYNTHETIC_FRESH: HeaderName = HeaderName::from_static("x-synthetic-fresh"); pub const HEADER_SYNTHETIC_PUB_USER_ID: HeaderName = HeaderName::from_static("x-pub-user-id"); pub const HEADER_X_PUB_USER_ID: HeaderName = HeaderName::from_static("x-pub-user-id"); -pub const HEADER_SYNTHETIC_TRUSTED_SERVER: HeaderName = - HeaderName::from_static("x-synthetic-trusted-server"); +pub const HEADER_SYNTHETIC_TRUSTED_SERVER: HeaderName = HeaderName::from_static("x-psid-ts"); pub const HEADER_X_CONSENT_ADVERTISING: HeaderName = HeaderName::from_static("x-consent-advertising"); pub const HEADER_X_FORWARDED_FOR: HeaderName = HeaderName::from_static("x-forwarded-for"); diff --git a/crates/common/src/synthetic.rs b/crates/common/src/synthetic.rs index b62ec8c..d84a95e 100644 --- a/crates/common/src/synthetic.rs +++ b/crates/common/src/synthetic.rs @@ -83,7 +83,7 @@ pub fn generate_synthetic_id( /// Gets or creates a synthetic ID from the request. /// /// Attempts to retrieve an existing synthetic ID from: -/// 1. The `X-Synthetic-Trusted-Server` header +/// 1. The `x-psid-ts` header /// 2. The `synthetic_id` cookie /// /// If neither exists, generates a new synthetic ID. diff --git a/crates/js/README.md b/crates/js/README.md index 86b4c47..cde9ff6 100644 --- a/crates/js/README.md +++ b/crates/js/README.md @@ -111,7 +111,7 @@ The Rust services (`trusted-server-common`) expose several proxy entry points th - Endpoint: `handle_publisher_request` (`crates/common/src/publisher.rs`). - Retrieves or generates the trusted synthetic identifier before Fastly consumes the request body. -- Always stamps the proxied response with `X-Synthetic-Fresh` and `X-Synthetic-Trusted-Server` headers and, when the browser does not already present one, sets the `synthetic_id=` cookie (Secure + SameSite=Lax) bound to the configured publisher domain. +- Always stamps the proxied response with `X-Synthetic-Fresh` and `x-psid-ts` headers and, when the browser does not already present one, sets the `synthetic_id=` cookie (Secure + SameSite=Lax) bound to the configured publisher domain. - Result: downstream assets fetched through the same first-party origin automatically include the synthetic ID header/cookie so subsequent proxy layers can read it. ### Creative Asset Proxy