Re: [w3c/manifest] Install button on another domain (#726)

I think in principle having an API to install another manifest (essentially, similar to beforeinstallprompt, allowing you to trigger an app install prompt, but for a different origin's manifest) is OK. It would be consistent with the values of the web for browsers to allow third-party "broker" sites to install other apps.

We'd have to be very careful from a security standpoint that you are not being spoofed. For a start, that means the install dialogs would need to show (in a browser-controlled way) the origin of the site being installed.

> The browser will prompt the user "Do you want to install this app to your homescreen" anyway, which means that the user really wants it. There is no need to say it twice.

That's somewhat reasonable, but I would possibly want some defense-in-depth here and also require the user to accept a permission to install sites. Otherwise any site could suddenly start popping up prompts to install malicious web apps.

https://github.com/w3c/manifest/issues/726#issuecomment-428775863

Received on Thursday, 11 October 2018 00:22:32 UTC