- From: Lea Verou <notifications@github.com>
- Date: Mon, 15 Apr 2024 14:17:35 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 15 April 2024 21:17:39 UTC
@plinss, @hober and I looked at this today during a breakout. We didn't quite understand how the flow is supposed to work for the app store use case. How would the app store get manifest ids, given that it seems the only way to procure a manifest id is after installation? Why not simply provide URLs to manifest files? What does the additional complexity of a manifest id get us? Also, the `install_sources` field seems to largely be replicating CORS functionality. Obviously, installing is a markedly different use case than reading, so there needs to be some way to declare the author intent that not every website that can read the manifest should be able to install the app, but an `Access-Control-Allow-*` header seems like a more natural fit for this. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/946#issuecomment-2057824908 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/946/2057824908@github.com>
Received on Monday, 15 April 2024 21:17:39 UTC