- From: Glenn Hartmann <notifications@github.com>
- Date: Fri, 06 Sep 2024 12:51:58 -0700
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/issues/989/2334716309@github.com>
@Moongazer wrote: > After weeks of digging around, this info came up: "_Theoretically the scope should limit the PWA to only control pages within https://example.com/subdirectory/ and its subdirectories. In reality, the scope doesn't prevent navigation to out-of-scope URLs within the same origin (in this case https://example.com). The browser allows the PWA to navigate to any URL within the same origin, even if it's outside the defined scope_". > > Is that true, and if so: why? That totally messes up the concept of having a scope. That should not be the case for Android PWAs. You can try yourself with https://special-victorious-polonium.glitch.me/app - the scope is set to `/app/`, and if you click the small link labeled `nonapp`, it'll navigate to a URL outside of that scope (but on the same origin). When using the installed PWA (called a "WebAPK" on Android), you should see a URL bar at the top on out-of-scope pages, which indicates that the page is being loaded in a [Custom Tab](https://developer.chrome.com/docs/android/custom-tabs) rather that in the PWA's main context. @Moongazer wrote: > If that would work, it would be an easy solution, because links to shop or product-pages can be just out of PWA scope, to be opened automatically in the default browser, but that seems not possible yet: > > * `https://example.com/subdirectory/#/login` opens in PWA because it's in the scope > * `https://example.com/product-list` clicked from inside PWA should open default browser because out of scope > Note that I'm not aware of any requirement that an out-of-scope URL must be loaded in the system's default browser. Quoting [the spec](https://www.w3.org/TR/appmanifest/#nav-scope): > If the [application context](https://www.w3.org/TR/appmanifest/#dfn-application-context)'s [active document](https://html.spec.whatwg.org/multipage/document-sequences.html#nav-document)'s [URL](https://dom.spec.whatwg.org/#concept-document-url) is not [within scope](https://www.w3.org/TR/appmanifest/#dfn-within-scope-0) of the [application context](https://www.w3.org/TR/appmanifest/#dfn-application-context)'s [processed manifest](https://www.w3.org/TR/appmanifest/#dfn-processed-manifest), the user agent SHOULD show a prominent UI element indicating the [URL](https://dom.spec.whatwg.org/#concept-document-url) or at least its [origin](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin), including whether it is served over a secure connection. This UI SHOULD differ from any UI used when the [URL](https://dom.spec.whatwg.org/#concept-document-url) is [within scope](https://www.w3.org/TR/appmanifest/#dfn-within-scope-0) of the [application context](https://www.w3.org/TR/appmanifest/#dfn-application-context)'s [processed manifest](https://www.w3.org/TR/appmanifest/#dfn-processed-manifest), in order to make it obvious that the user is navigating off scope. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/989#issuecomment-2334716309 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/issues/989/2334716309@github.com>
Received on Friday, 6 September 2024 19:52:02 UTC