Re: [manifest] Define identity of a web app. (#272)

What if we (Mozilla) used same-origin manifests as an installability signal? That way, Mozilla's products could still enforce same-origin manifests and rely on the manifest as the identity without forcing the same origin behavior on other vendors? It also then gives other OSs the ability to choose their own identifiers. 

We could then evaluate the threat of about that @kenchris mentioned (and potentially look at mitigating that with sub-resource integrity or whatever). 

My 2c. 

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/272#issuecomment-86201335

Received on Wednesday, 25 March 2015 20:19:17 UTC