- From: Janusz Majnert <notifications@github.com>
- Date: Fri, 01 May 2015 08:10:42 -0700
- To: w3c/manifest <manifest@noreply.github.com>
Received on Friday, 1 May 2015 15:11:10 UTC
> Make manifest metadata authoritative (a user agent ignores a page's meta tags): this gives us the ability to perform updates, etc. reliably without relying on the document from which the page was installed.

+1. This is IMO the most sensible approach.

> Make only CORS-enabled fetches of the manifest the default, as per #353. This allows cross origin fetches, but provides content authors the ability to prevent other sites using their manifests without permission.

+1. As @benfrancis noted, this doesn't solve the rogue-app-store scenario in which the manifest is the only source of information about the app. IMHO, a sensible app store would validate such an app submission by visiting the app's site and checking, for example, if the app links to the same manifest.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/272#issuecomment-98152741
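The store-side check suggested in the message above (visit the app's site and confirm it links to the submitted manifest) could look like the following. This is an added example, not part of the original message or of the w3c/manifest project; the function names, URLs and sample HTML are hypothetical and constructed for illustration, and the page is assumed to have been fetched already.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ManifestLinkParser(HTMLParser):
    """Collects <base href> and every <link rel="manifest" href>."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.manifest_hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        href = a.get("href")
        if not href:
            return
        if tag == "base" and self.base_href is None:
            self.base_href = href
        elif tag == "link" and "manifest" in (a.get("rel") or "").lower().split():
            self.manifest_hrefs.append(href)


def _normalize(url):
    """Compare on scheme, host, path and query; ignore the fragment."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query)


def site_links_manifest(page_url, page_html, submitted_manifest_url):
    """True if the page at page_url links to submitted_manifest_url."""
    parser = _ManifestLinkParser()
    parser.feed(page_html)
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    wanted = _normalize(submitted_manifest_url)
    return any(_normalize(urljoin(base, h)) == wanted for h in parser.manifest_hrefs)


# Constructed sample input: a page fetched from the app's own site.
SAMPLE_URL = "https://app.example/start/index.html"
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/site.css">
<link rel="manifest" href="../manifest.json">
</head><body></body></html>"""

if __name__ == "__main__":
    print(site_links_manifest(SAMPLE_URL, SAMPLE_HTML, "https://app.example/manifest.json"))
    print(site_links_manifest(SAMPLE_URL, SAMPLE_HTML, "https://store.example/copied/manifest.json"))
```

A submission whose manifest URL is not linked from the site it claims to describe would be rejected or held for manual review.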