Re: [w3c/manifest] Allow manifest processing to be invoked without going through an HTML document (PR #1069)

@marcoscaceres commented on this pull request.



> +              on origin A and the manifest is on a different origin B, there is
+              a bidirectional relationship between the two origins.
+            </p>
+            <p>
+              The first check ensures that at least some page on origin A links
+              to the manifest on origin B (otherwise, it would be possible for
+              a manifest on origin B to control the metadata for an
+              unaffiliated app on origin A).
+            </p>
+            <p>
+              The second check ensures that origin B allows (via the [=CORS
+              protocol=]) its manifest to be applied by origin A, and also that
+              the manifest is fetched with or without credentials, as agreed by
+              both origins, as it would if going directly through the document.
+            </p>
+          </div>

```suggestion
          </aside>
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/1069#pullrequestreview-1403006757
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/manifest/pull/1069/review/1403006757@github.com>

Received on Thursday, 27 April 2023 00:17:36 UTC