[manifest] Obtaining a Manifest should follow usual CORS rules with credentials. (#353) from Mounir Lamouri on 2015-04-07 (public-webapps-github@w3.org from April 2015)

From: Mounir Lamouri <notifications@github.com>
Date: Tue, 07 Apr 2015 15:21:13 -0700
To: w3c/manifest <manifest@noreply.github.com>
Message-ID: <w3c/manifest/pull/353@github.com>

Requesting to be same-origin with the document doesn't sound needed. If the Manifest is in another origin and it has some Access Controls set allowing it to be used, I think it should be fine to allow it to be used.

In the wild, we've seen a few websites adding there Manifest to cross origins places (like G+ using gstatic).
You can view, comment on, or merge this pull request online at:

  https://github.com/w3c/manifest/pull/353

-- Commit Summary --

  * Obtaining a Manifest should follow usual CORS rules with credentials.

-- File Changes --

    M index.html (12)

-- Patch Links --

https://github.com/w3c/manifest/pull/353.patch
https://github.com/w3c/manifest/pull/353.diff

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/353

Received on Tuesday, 7 April 2015 22:21:42 UTC