- From: Matt Giuca <notifications@github.com>
- Date: Sun, 31 May 2020 18:04:51 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 1 June 2020 01:05:04 UTC
I think it's OK for HTTP pages to download and apply pieces of the manifest, but the actual ability to install an app (which creates permanent state on the user's machine) should be restricted to HTTPS. Can we make that distinction? We currently mention it non-normatively in [installability signals](https://www.w3.org/TR/appmanifest/#installability-signals). We could make that a normative requirement of installation (but note that all of the normative text around installation was recently removed from the spec). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/887#issuecomment-636561757
Received on Monday, 1 June 2020 01:05:04 UTC