- From: Marcos Cáceres <notifications@github.com>
- Date: Wed, 26 Apr 2023 17:17:30 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 27 April 2023 00:17:36 UTC
@marcoscaceres commented on this pull request. > + on origin A and the manifest is on a different origin B, there is + a bidirectional relationship between the two origins. + </p> + <p> + The first check ensures that at least some page on origin A links + to the manifest on origin B (otherwise, it would be possible for + a manifest on origin B to control the metadata for an + unaffiliated app on origin A). + </p> + <p> + The second check ensures that origin B allows (via the [=CORS + protocol=]) its manifest to be applied by origin A, and also that + the manifest is fetched with or without credentials, as agreed by + both origins, as it would if going directly through the document. + </p> + </div> ```suggestion </aside> ``` -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/pull/1069#pullrequestreview-1403006757 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/pull/1069/review/1403006757@github.com>
Received on Thursday, 27 April 2023 00:17:36 UTC