- From: Ben Francis <notifications@github.com>
- Date: Fri, 03 Apr 2015 12:34:13 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Message-ID: <w3c/manifest/issues/272/89399819@github.com>
FWIW @PaulKinlan, I agree with you that requiring a Content Type header raises the bar of how difficult it is to create a web app. I've heard differing views on how much of a problem the same-origin restriction is. I do think the mechanism of resolving the start_url against the document URL is a much more convoluted way of ensuring they come from the same origin. I'm also concerned that it may simply not work for some use cases. This mechanism assumes that a web app is always installed from a page belonging to the app, how confident are we that this will always be the case? We haven't currently defined an installation API as part of the spec, but that doesn't mean that implementers don't use their own. Microsoft have said that they are exploring ways to submit a web app to the Windows Store using only a manifest URL. The manifest retrieved from that URL will be used to create a Universal Windows app which can then be installed from the Store without any reference to a document URL. Currently Mozilla also have a proprietary mozApps.install() API which takes a manifest URL as an argument in order to install an app. Creating an API which instead has to fetch a document from a document URL, parse and follow a link relation and then download a manifest, is a much more complex and brittle implementation. If a manifest URL can be used to identify an app and a manifest can be trusted to be authoritative without reference to any document URL then it makes these use cases much more practical. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/272#issuecomment-89399819
Received on Friday, 3 April 2015 19:34:36 UTC