- From: Rob Dolin (MSFT) <notifications@github.com>
- Date: Wed, 30 Nov 2016 18:14:32 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Message-ID: <w3c/manifest/issues/449/264059014@github.com>
Below are my quick thoughts on an email to the Web App Sec WG. I'll clean this up based on feedback. Thanks-- --Rob TO: Web App Sec WG FR: Rob Dolin Dear Web App Security WG members, I'm writing on behalf of a number of W3C members working on the W3C Web App Manifest spec. (http://www.w3.org/TR/appmanifest/) We have two use cases where web app developers want to indicate a web app includes multiple domains. - In one case, a web app (scope:Example.com) might have a CDN (scope:ExampleCDN.com), personal data (scope:MyExample.com), etc. that is served from a second domain. - In another case, a web app (scope:Chat.Example.com) might have peer subdomains that are in-scope (scope:Music.Example.com and scope:Video.Example.com) but might also have peer domains that are out-of-scope (scope:Events.Example.com) We are considering a proposal (https://github.com/w3c/manifest/issues/449) where the W3C Web App Manifest file (a JSON file residing on the primary domain) be able to indicate other (HTTPS-only) domains that could be rendered within the context of the web app rather than being rendered in the context of web browser chrome. We would appreciate any questions or suggestions you have as we consider this proposal. Thanks very much-- --Rob -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/449#issuecomment-264059014
Received on Thursday, 1 December 2016 02:19:03 UTC