Re: [w3c/manifest] Should the scope terminate by "/"? (#554) from Matt Giuca on 2018-02-01 (public-webapps-github@w3.org from February 2018)

From: Matt Giuca <notifications@github.com>
Date: Thu, 01 Feb 2018 15:58:53 -0800
To: w3c/manifest <manifest@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/manifest/issues/554/362441928@github.com>

Reopening. I just discovered why this is worse than I initially thought (sorry for not spotting this earlier). There's a fundamental problem here with a real-world case.

- If the scope does not end with a '/', it over-matches on any paths that start with the same characters. This was the original bug, and you work around it by always adding a '/' (as I suggested in the non-normative note I added in #590 ). **However,**
- If the scope *does* end with a '/', the user agent won't capture deep links to the slashless version.

Example: There's been some public discussion around the newly launched Google Maps PWA, https://www.google.com/maps?force=pwa

The [manifest](https://www.google.com/maps/preview/pwa/manifest) specifies "scope" as "https://www.google.com/maps". I reported this to the Maps team, suggesting that they add a trailing '/' to the scope, and they said they couldn't, because otherwise any incoming links to "https://www.google.com/maps" would *not* be captured by the app. Good point!

"https://www.google.com/maps" automatically redirects to "https://www.google.com/maps/", which then gets captured by the app, but now we've opened a non-application context which then redirects into an application context. How this manifests depends on the UA but this seems to involve browser windows opening and closing.

We're essentially forcing developers to choose between their scope over-matching on all URLs that start with the same characters, even if they are in a sibling path, **or** the site's canonical URL *not* being matched by the scope. There is no work-around for this. Devs just have to choose between one set of bad behaviour or another.

Ideally, a scope of "https://www.google.com/maps" would match "https://www.google.com/maps" and "https://www.google.com/maps/", but not "https://www.google.com/mapsearch" (a hypothetical future URL for an unrelated product).

Maybe we can break compatibility with SWs here. Note: I think this is also an issue for SWs, but for a different reason (if you click a link to https://www.google.com/maps, you need to be online to get redirected to the offline-available https://www.google.com/maps/). I'll file a separate issue on SWs.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/554#issuecomment-362441928

Received on Thursday, 1 February 2018 23:59:19 UTC