- From: Ben Francis <notifications@github.com>
- Date: Thu, 30 Apr 2015 10:41:49 -0700
- To: w3c/manifest <manifest@noreply.github.com>
Received on Thursday, 30 April 2015 17:43:52 UTC
OK, let's wait for feedback from others on whether the app store use case is essential to them. In the mean time... How does the current spec deal with this scenario?: * A web app at foo.com has a manifest at http://foo.com/manifest.json which references a start URL of http://foo.com/index.html * A user installs the app from http://foo.com/page2.html which is allowed because it's the same origin as http://foo.com/index.html * The owner of foo.com changes the start_url in the manifest to http://bar.com/index.html * The user agent updates the app by "periodically checking if the contents of the manifest have been modified" * The user launches the app and it starts at http://bar.com/index.html Doesn't this bypass the mechanism which is supposed to ensure that the start URL is same-origin with the page the app was installed from? --- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/272#issuecomment-97893522
Received on Thursday, 30 April 2015 17:43:52 UTC