W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2014

Re: [manifest] Fetching restriction, Re: [manifest] Update and call for review

From: Marcos Caceres <w3c@marcosc.com>
Date: Tue, 27 May 2014 15:53:33 -0400
To: Ben Francis <bfrancis@mozilla.com>
Cc: public-webapps <public-webapps@w3.org>
Message-ID: <etPan.5384ed3e.625558ec.3434@Marcoss-MacBook-Pro.local>


On May 27, 2014 at 3:31:15 PM, Ben Francis (bfrancis@mozilla.com) wrote:
> > To be clear, this is the case I was talking about. The benefit  
> is that it makes it much easier to build a large "app store" of "tailored  
> app experiences for sites that lack manifests" without the involvement  
> of app authors themselves. For example,everything.me(http://everything.me)  
> may have a larger catalogue of "web apps" than the Firefox Marketplace  
> because the latter requires same-origin manifests and for app  
> authors to submit their own apps, whereas the former doesn't  
> require any involvement from app authors themselves.
>  
> One risk of allowing cross-origin manifests might be that these  
> "tailored app experiences" are perceived by the actual app author  
> and/or end users as a "fake app" masquerading as the real thing.  
> In the longer term when additional features are added to the manifest  
> there could be additional risks.
>  
> That is why I'm interested in feedback on whether this is a desirable  
> feature or not.

That's a very good summary of both the use case and the problems. I'm also interested in hearing feedback. As Ben makes clear, "same-origin" basically kills installations from custom stores. 

It means one or two additional clicks for users to "install" an app - but we assure that apps are always being installed from "the source". 
 

-- 
Marcos Caceres
Received on Tuesday, 27 May 2014 19:54:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:24 UTC