Re: [manifest] Must manifests be same-origin? (#360)

@benfrancis Ok, I think I got your idea. So in addition to preventing manifest fetches (that effectively prevent adding to home screen et al.), you suggest to also prevent pages from being rendered in the application context if the manifest is unauthorised?

Example of what I think you're after:
* the page is "installed" using an authorised manifest
* the page is tampered with to point to an unauthorised manifest instead
* the page is attempted to be launched in the application context
* runtime check prevents the page from being rendered

Should what follows be an implementation detail? For example, display a dialog similar to [untrusted connection](https://support.cdn.mozilla.net/media/uploads/gallery/images/2011-10-19-09-09-25-5809bb.jpg), that says e.g. "This Web Application is Untrusted", silently fall back to a regular browsing context, something else?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/360#issuecomment-93983935

Received on Friday, 17 April 2015 13:17:29 UTC