- From: Lu <notifications@github.com>
- Date: Tue, 20 Aug 2024 14:23:07 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 20 August 2024 21:23:11 UTC
## Request and Response Header For multiple sub-domains included from the web app manifest using a same-site entry, we can make use of a request and response header design with no preflight. This allows a subdomain origin that was include via the same site manifest entry to explicitly confirm its participation. This also doesn't request an association file to be fetched immediately before fetching the resource. This is largely what @reillyeon proposed above. Example: App window navigates to https://foo.com * Request contains `App-Id: https://myapp.com/index.html` header. * Response contains `App-Scope-Extension-Allow-Id: https://myapp.com/index.html, https://otherapp.com/index.html` The server can either configure a static list of app ids for simplicity or dynamically control the value of `App-Scope-Extension-Allow-Id` and use this to implement scoping. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/875#issuecomment-2299789425 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/875/2299789425@github.com>
Received on Tuesday, 20 August 2024 21:23:11 UTC