Re: [w3c/manifest] Provide a way to not open a link in the PWA, in the moment (#989) from Glenn Hartmann on 2024-09-06 (public-webapps-github@w3.org from September 2024)

From: Glenn Hartmann <notifications@github.com>
Date: Fri, 06 Sep 2024 12:51:58 -0700
To: w3c/manifest <manifest@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/manifest/issues/989/2334716309@github.com>

@Moongazer wrote:

> After weeks of digging around, this info came up: "_Theoretically the scope should limit the PWA to only control pages within https://example.com/subdirectory/ and its subdirectories. In reality, the scope doesn't prevent navigation to out-of-scope URLs within the same origin (in this case https://example.com). The browser allows the PWA to navigate to any URL within the same origin, even if it's outside the defined scope_".
> 
> Is that true, and if so: why? That totally messes up the concept of having a scope.

That should not be the case for Android PWAs. You can try yourself with https://special-victorious-polonium.glitch.me/app - the scope is set to `/app/`, and if you click the small link labeled `nonapp`, it'll navigate to a URL outside of that scope (but on the same origin). When using the installed PWA (called a "WebAPK" on Android), you should see a URL bar at the top on out-of-scope pages, which indicates that the page is being loaded in a [Custom Tab](https://developer.chrome.com/docs/android/custom-tabs) rather that in the PWA's main context.

@Moongazer wrote:

> If that would work, it would be an easy solution, because links to shop or product-pages can be just out of PWA scope, to be opened automatically in the default browser, but that seems not possible yet:
> 
> * `https://example.com/subdirectory/#/login` opens in PWA because it's in the scope
> * `https://example.com/product-list` clicked from inside PWA should open default browser because out of scope
> 

Note that I'm not aware of any requirement that an out-of-scope URL must be loaded in the system's default browser. Quoting [the spec](https://www.w3.org/TR/appmanifest/#nav-scope):

> If the [application context](https://www.w3.org/TR/appmanifest/#dfn-application-context)'s [active document](https://html.spec.whatwg.org/multipage/document-sequences.html#nav-document)'s [URL](https://dom.spec.whatwg.org/#concept-document-url) is not [within scope](https://www.w3.org/TR/appmanifest/#dfn-within-scope-0) of the [application context](https://www.w3.org/TR/appmanifest/#dfn-application-context)'s [processed manifest](https://www.w3.org/TR/appmanifest/#dfn-processed-manifest), the user agent SHOULD show a prominent UI element indicating the [URL](https://dom.spec.whatwg.org/#concept-document-url) or at least its [origin](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin), including whether it is served over a secure connection. This UI SHOULD differ from any UI used when the [URL](https://dom.spec.whatwg.org/#concept-document-url) is [within scope](https://www.w3.org/TR/appmanifest/#dfn-within-scope-0) of the [application context](https://www.w3.org/TR/appmanifest/#dfn-application-context)'s [processed manifest](https://www.w3.org/TR/appmanifest/#dfn-processed-manifest), in order to make it obvious that the user is navigating off scope.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/989#issuecomment-2334716309
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/manifest/issues/989/2334716309@github.com>

Received on Friday, 6 September 2024 19:52:02 UTC