- From: Daniel Appelquist <notifications@github.com>
- Date: Mon, 25 Sep 2023 09:55:17 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 25 September 2023 16:55:23 UTC
Hi @diekus - thanks for this and thanks also for the TPAC session on this topic which was really interesting! Some initial feedback form our TAG breakout today: We're concerned about potential abuse of the "Web app installation from associated domain" use case, especially in a world where installed webapps might be auto-granted additional permissions. We're generally happy with the same-origin-bound use case of `navigator.install()`. We're wondering if you might consider a phased approach to this where phase 1 tackles the same origin case and phase 2 works on the more complex use cases - as this will give some opportunity to explore how the installation function itself works and will give time to explore and design mitigations for potential abuse cases for associated domain installation. We think the expected venue should probably be Web Applications working group (after this graduates from WICG) and/or the WHATWG HTML workstream. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/888#issuecomment-1734131209 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/888/1734131209@github.com>
Received on Monday, 25 September 2023 16:55:23 UTC