- From: Marcos Caceres <notifications@github.com>
- Date: Wed, 25 Mar 2015 13:18:51 -0700
- To: w3c/manifest <manifest@noreply.github.com>
Received on Wednesday, 25 March 2015 20:19:17 UTC
What if we (Mozilla) used same-origin manifests as an installability signal? That way, Mozilla's products could still enforce same-origin manifests and rely on the manifest as the identity without forcing the same origin behavior on other vendors? It also then gives other OSs the ability to choose their own identifiers. We could then evaluate the threat of about that @kenchris mentioned (and potentially look at mitigating that with sub-resource integrity or whatever). My 2c. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/272#issuecomment-86201335
Received on Wednesday, 25 March 2015 20:19:17 UTC