- From: Anant Narayanan <anant@mozilla.com>
- Date: Sat, 26 May 2012 10:26:24 -0700
- To: Adam Barth <w3c@adambarth.com>
- CC: Marcos Caceres <w3c@marcosc.com>, Marcos Caceres <marcosscaceres@gmail.com>, public-webapps@w3.org
On 05/25/2012 11:11 PM, Adam Barth wrote: > On Fri, May 25, 2012 at 7:39 AM, Marcos Caceres<w3c@marcosc.com> wrote: >> On Sunday, May 13, 2012 at 5:47 PM, Anant Narayanan wrote: >>>>> installs_allowed_from: An array of origins that are allowed to trigger installation of this application. This field allows the developer to restrict installation of their application to specific sites. If the value is omitted, installs are allowed from any site. >>>> >>>> How are origins parsed? >>> >>> I'm not sure what the question means, but origins are essentially a >>> combination of [protocol]://[hostname]:[port]. Whenever an install is >>> triggered, the UA must check if the origin of the page triggering the >>> install is present in this array. * is a valid value for >>> installs_allowed_from, in which case the UA may skip this check. >> >> By parsing I mean which ones win, which ones get discarded, what happens to invalid ones, are they resolved already, etc. in the following: >> >> installs_allowed_from: [ " http://foo/ ", "bar://", 22, "https://foo/bar/#*", "http://foo:80/", "wee!!!", "http://baz/hello there!", "http://baz/hello%20there!"] >> >> And so on. So, all the error handling stuff. Or is a single error fatal? > > I seem to have missed the context for this thread, but typically > origins are not parsed. They're compared character-by-character to > see if they're identical. If you have a URL, you can find its origin > and then serialize it to ASCII or Unicode if you want to compare it > with another origin. Ah we could certainly do this, but in our current implementation a single error is fatal. I do like the idea of not making sure that the origins are valid, especially for installs_allowed_from. -Anant
Received on Saturday, 26 May 2012 17:26:56 UTC