Re: [w3c/manifest] Should manifest be HTTPS only? (#887)

> I think it's OK for HTTP pages to download and apply pieces of the manifest, but the actual ability to install an app (which creates permanent state on the user's machine) should be restricted to HTTPS. Can we make that distinction?

We can. But I think it would be good to make it a normative requirement to restrict obtaining a manifest to HTTPS. The community is trying to deprecate HTTP anyway, so I'd be happy to just force an HTTPS check on obtaining.


https://github.com/w3c/manifest/issues/887#issuecomment-636574014

Received on Monday, 1 June 2020 02:00:59 UTC