Re: [manifest] Define identity of a web app. (#272) from Marcos Caceres on 2015-04-30 (public-webapps-github@w3.org from April 2015)

From: Marcos Caceres <notifications@github.com>
Date: Thu, 30 Apr 2015 08:27:02 -0700
To: w3c/manifest <manifest@noreply.github.com>
Message-ID: <w3c/manifest/issues/272/97838504@github.com>

Ok, so, I think the only sensible compromise position is: 

 * Make manifest metadata authoritative (a user agent ignores a page's meta tags): this gives us the ability to perform updates, etc. reliably without relying on the document from which the page was installed.
 * Make only CORS-enabled fetches of the manifest the default, as per https://github.com/w3c/manifest/pull/353. This allows cross origin fetches, but provides content authors the ability to prevent others sites using their manifests without permission. 

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/272#issuecomment-97838504

Received on Thursday, 30 April 2015 15:27:29 UTC