- From: Matt Giuca <notifications@github.com>
- Date: Wed, 01 Jul 2020 22:41:53 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 2 July 2020 05:42:06 UTC
Following up a [review thread](https://github.com/w3c/manifest/pull/834/#pullrequestreview-434708529): the concept of "installability of the document" doesn't make a lot of sense, given that most browsers allow any document to be installed. So we should just remove the concept of "installability of the document". However, we have valuable normative requirements in these steps around a) making up a virtual manifest for sites that have none, and b) reconciling the processed manifest with the document URL to make sure its `scope` and `start_url` are same-origin as the document URL. We should move those into a dedicated algorithm; either a "steps to sanitize a manifest for installation from a document URL" or perhaps "steps to install a document". The goal is to let an external system (such as an app store) install a manifest without any document, but if a browser installs a manifest from a document, disallow installation of an app that's hosted on a different origin to the originating document. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/912
Received on Thursday, 2 July 2020 05:42:06 UTC