- From: Matt Giuca <notifications@github.com>
- Date: Sun, 31 May 2020 23:17:37 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 1 June 2020 06:17:49 UTC
> Agree - although we could make that case that if no one reads the manifest except over HTTPS, then the spec would match reality. See above edit: Chrome reads manifest over HTTP if the user explicitly installs the app. There are other possible uses of the manifest besides new tab page, just to get higher quality assets for a website, and if there are no explicit security reasons to ban it, I would like to permit it. "motivating incentive to be HTTPS" isn't a strong enough reason; you could apply that to anything. So I think we should keep this as an installation requirement (either explicit in the spec, or just enforced by browsers), not a requirement for fetching. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/887#issuecomment-636635086
Received on Monday, 1 June 2020 06:17:49 UTC