Re: [w3c/manifest] Clarify how manifest image resources are fetched (PR #1171)

marcoscaceres left a comment (w3c/manifest#1171)

This has come up a few times and it's complicated: What you’re describing introduces an out-of-band fetch path where the OS (or UA on its behalf) can update icons outside a browsing context. The problem with that is it bypasses the origin’s *security model* (CSP, service workers, fetch behavior, etc.).

From a user perspective, that means app identity surfaces (like icons) can change without the site being loaded, and without the protections the developer put in place. In particular, it creates a path for persistent spoofing of installed apps if those resources are ever temporarily compromised, and generally makes behavior harder to reason about.

The intent of this change is to keep things consistent:

> resources that affect user-visible app identity are fetched under the same policy constraints as the rest of the app.

That does mean the UA needs to fetch and hand assets to the OS, rather than the OS fetching them directly. In practice, I think that's how most platforms behave today... or, at least I hope... will need to check.

So while it reduces some flexibility, it avoids introducing a second, less constrained fetch path for security-sensitive resources.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/1171#issuecomment-4237059065
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/manifest/pull/1171/c4237059065@github.com>

Received on Monday, 13 April 2026 14:15:40 UTC
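Added example (written for this note; not code from the w3c/manifest spec, from PR #1171, or from any browser): a small check that resolves each manifest icon src against the manifest URL and tests it against the page's CSP img-src (falling back to default-src), which is one of the constraints a UA-mediated fetch applies and an OS-side, out-of-band fetch would skip. It implements a simplified subset of CSP3 source matching ('self', 'none', '*', scheme-source with http->https and ws->wss upgrade, host-source with a leading "*." wildcard, optional port and path); 'self' is treated as strict same-origin, percent-encoding in paths is ignored, and service worker interception (the other constraint mentioned in the comment) is out of scope. The hosts app.example, cdn.example, icons.example and evil.example, the CSP header and the manifest are constructed for the example.

```javascript
// Added example for this thread, not from the w3c/manifest spec or any browser.
// Simplified subset of CSP3 source matching, applied to manifest icon URLs.
// Nonces and hashes never match a URL. All inputs below are constructed.

// Parse a CSP header into Map<directive, source-expression[]>. As in CSP, a
// repeated directive is ignored (first occurrence wins).
function parseCsp(header) {
  const directives = new Map();
  for (const raw of header.split(";")) {
    const [name, ...sources] = raw.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// CSP3 scheme matching: an expression scheme also matches its secure upgrade.
function schemeMatches(want, actual) {
  return want === actual ||
    (want === "http:" && actual === "https:") ||
    (want === "ws:" && actual === "wss:");
}

// host-source: [scheme://] host[:port][/path], host may be "*" or "*.domain".
const HOST_SOURCE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(\/[^?#]*)?$/i;

// Does one source expression permit fetching `url` from the page at `page`?
function sourceMatches(expr, url, page) {
  const keyword = expr.toLowerCase();
  if (keyword === "'none'") return false;
  if (keyword === "'self'") return url.origin === page.origin; // simplified 'self'
  if (keyword === "*") return url.protocol in DEFAULT_PORT;     // network schemes only
  if (/^[a-z][a-z0-9+.-]*:$/.test(keyword)) return schemeMatches(keyword, url.protocol);
  const m = HOST_SOURCE.exec(expr);
  if (!m) return false; // nonce, hash or unsupported keyword: never matches a URL
  const [, scheme, host, port, path] = m;
  const wantScheme = scheme ? scheme.toLowerCase() + ":" : page.protocol;
  if (!schemeMatches(wantScheme, url.protocol)) return false;
  const h = url.hostname.toLowerCase(), want = host.toLowerCase();
  if (want.startsWith("*.")) {
    if (!h.endsWith(want.slice(1))) return false;
  } else if (want !== "*" && h !== want) {
    return false;
  }
  // WHATWG URL reports "" for a scheme's default port; an expression without
  // a port only allows the default port.
  const actualPort = url.port || DEFAULT_PORT[url.protocol] || "";
  if (port === undefined ? url.port !== "" : port !== "*" && port !== actualPort) return false;
  if (path && (path.endsWith("/") ? !url.pathname.startsWith(path) : url.pathname !== path)) return false;
  return true;
}

// Resolve each icon src against the manifest URL (as the UA does) and decide
// whether the page's CSP would allow the fetch. Neither img-src nor
// default-src present means CSP imposes no restriction on images.
function checkManifestIcons(cspHeader, pageUrl, manifestUrl, manifest) {
  const page = new URL(pageUrl);
  const csp = parseCsp(cspHeader);
  const sources = csp.get("img-src") ?? csp.get("default-src") ?? null;
  return (manifest.icons || []).map(({ src }) => {
    const resolved = new URL(src, manifestUrl);
    const allowed = sources === null || sources.some((s) => sourceMatches(s, resolved, page));
    return { src, resolved: resolved.href, allowed };
  });
}

// Constructed sample input (hypothetical hosts and manifest).
const SAMPLE_PAGE = "https://app.example/";
const SAMPLE_MANIFEST_URL = "https://app.example/manifest.webmanifest";
const SAMPLE_CSP = "default-src 'self'; img-src 'self' https://cdn.example *.icons.example:443";
const SAMPLE_MANIFEST = {
  icons: [
    { src: "/icons/192.png", sizes: "192x192" },
    { src: "https://cdn.example/icon.png" },
    { src: "https://a.icons.example/icon.png" },
    { src: "https://evil.example/spoof.png" }, // not in img-src: a UA fetch blocks it
    { src: "http://cdn.example/icon.png" },    // scheme downgrade: blocked
  ],
};

for (const r of checkManifestIcons(SAMPLE_CSP, SAMPLE_PAGE, SAMPLE_MANIFEST_URL, SAMPLE_MANIFEST)) {
  console.log(`${r.allowed ? "allow" : "BLOCK"} ${r.resolved}`);
}
```

The point of the check is the last two icons: an OS that fetched icon URLs directly would happily load them, while a fetch routed through the UA rejects them under the page's own img-src policy, which is the "same policy constraints as the rest of the app" behaviour the comment argues for.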