- From: Martin Thomson <notifications@github.com>
- Date: Wed, 07 Aug 2024 00:25:54 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 7 August 2024 07:25:58 UTC
Interesting idea. How would that be realized though? You would send the target resource the `App-Id`, have it recognize that it is being framed it, then accept that with a field (`Allow-App-Scope-Extension`). That would work in that it is sufficiently granular, but I have two concerns: 1. Operationally, that seems more difficult to manage than the approach that @LuHuangMSFT and @dmurph are advocating for. 2. As a practical matter, at the time that the request is made, a lot of stuff about a request has been predetermined (things like `Sec-Fetch-Dest`). I'm not sure whether a request for navigation in an app (i.e., what would happen if the resource is in the app scope) would differ from navigation in a browser (i.e., what would happen if it were not). Having to pick one and then back out if it fails would be good to avoid. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/875#issuecomment-2272800815 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/875/2272800815@github.com>
Received on Wednesday, 7 August 2024 07:25:58 UTC