- From: Matt Giuca <notifications@github.com>
- Date: Tue, 25 Apr 2023 23:00:07 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/pull/1069/c1522829753@github.com>
I've done another pass over this section with @alancutter (thanks).
- Changed MUST into a SHOULD. We can't really expect all uses to directly verify this.
- Removed the "or" clause that the document be same-origin as manifest; you still want a link from the document to the manifest either way.
- Added "at least at some point in the past", to acknowledge that you don't need to verify this at install time, just whenever you did the caching.
- Clarify that the CORS request is only needed if the manifest is not same-origin as the document.
I think this basically captures the way that I at least expect this interface to be used outside of HTML. In short, it says "this should be called as-if you found it in an HTML document and invoked the 'steps to process this type of linked resource'". It captures the need to have a link from somewhere on this origin, and make the request with CORS.
Would appreciate another review from at least one of { @marcoscaceres , @dmurph , @aarongustafson } since I've rewritten the prose section in its entirety.
On the plus side, when this was originally proposed we were thinking we'd need a follow up to think about CORS better - that has now been done!
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/1069#issuecomment-1522829753
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/manifest/pull/1069/c1522829753@github.com>
Received on Wednesday, 26 April 2023 06:00:12 UTC