Re: [manifest] shouldn't the default scope be bounded? (#332)

> Well in that case, those users would have to define their scope.

Currently I think the maximum scope is one origin. If we allow an app to handle the scope of another origin we risk evilapp.com/manifest.json registering to handle navigations to mybank.com. I think the maximum scope should stay as one origin, and should have to be the same origin as the manifest.

There was also a proposal for a "stay_in_app" type property to enable defining a URL scope for which navigations should stay in the app if the user is already in the app (e.g. for third party authentication), and could include more than one origin. We could re-visit that.

I do still think it would be great if the default scope of an app is the whole origin of the app manifest, but it would break some existing content.

> I am also interested in how to open other apps. Like if I launch a URL which already has a manifest associated (which I have bookmarked etc.) then maybe we should just launch that app instead?

This is "deep linking" and is already addressed in the spec (http://w3c.github.io/manifest/#deep-links). Installed apps should be able to capture navigations to URLs which fall within their scope, although nobody has implemented this yet as far as I know.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/332#issuecomment-82368253

Received on Tuesday, 17 March 2015 14:02:24 UTC
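
The same-origin bound on scope discussed in the message above, as an added example that is not part of the original message or of the manifest spec. The function names `resolveScope` and `isWithinScope` are hypothetical, the URLs are constructed samples, and the whole-origin fallback for a missing scope is the default the comment argues for, taken here as an assumption.

```javascript
"use strict";
// Added example; function names are hypothetical, not from the manifest spec.

// Resolve the manifest's "scope" member against the manifest URL and refuse
// any scope whose origin differs from the origin serving the manifest.
// Assumption: a missing scope falls back to the whole manifest origin.
function resolveScope(manifestUrl, scopeMember) {
  let manifest, scope;
  try {
    manifest = new URL(manifestUrl);
    scope = new URL(scopeMember === undefined ? "/" : scopeMember, manifest);
  } catch (e) {
    return null; // unparsable manifest URL or scope: treat as invalid
  }
  // Opaque origins serialize to "null" and must never compare as equal.
  if (manifest.origin === "null" || scope.origin !== manifest.origin) {
    return null; // cross-origin scope refused
  }
  return scope;
}

// A navigation is captured only when the target shares the scope's origin
// and its path begins with the scope path (simple prefix match).
function isWithinScope(targetUrl, scope) {
  if (scope === null) return false;
  let target;
  try {
    target = new URL(targetUrl);
  } catch (e) {
    return false;
  }
  return target.origin === scope.origin &&
         target.pathname.startsWith(scope.pathname);
}

// Constructed sample inputs: the manifest is served from evilapp.com.
const MANIFEST = "https://evilapp.com/manifest.json";
for (const s of ["https://mybank.com/", "//mybank.com/login", "/app/", undefined]) {
  const resolved = resolveScope(MANIFEST, s);
  console.log(String(s), "->", resolved ? resolved.href : "rejected");
}
```

The comparison is made on the parsed origin (scheme, host and port) after resolving the scope against the manifest URL, so scheme-relative values such as `//mybank.com/login` are rejected along with absolute cross-origin URLs.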