Re: [w3c/manifest] User-approved permissions (#967)

> Whatever restrictions a web app has on network access should be applicable to web sites as well.

The goal is not to create new restrictions for websites, but to make web applications secure by default.
The expression "web app" is generally used for describing websites with cloud functionality. Those websites are directly reachable via a URL in the browser, such as github.com. It is not the same entry point as a bundled web application. It seems to me that web bundles are binaries that are first downloaded by the users and then subsequently launched in the browser. Therefore, the bundled application is not directly reachable from a URL on the internet like websites are.

> I don't think the manifest is the right place to further this goal.

The manifest is able to provide information about the bundled web application. But I do not think that websites actually need a manifest, as they are not bundled.

> I could see this being a browser level feature when loading a web bundle to disallow network access for the site. Spec work could come into play to enable the site to ask for network access again, perhaps limited to specific origins.

Yes, I think that if web bundles are the standardized solution for web application distribution, then the web bundle should not have network access by default. It makes sense, as they are conceived to be offline-first applications. Network access should then be managed via user permissions.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/967#issuecomment-811862438

Received on Thursday, 1 April 2021 12:09:02 UTC