- From: Marcos Caceres <w3c@marcosc.com>
- Date: Tue, 27 May 2014 15:53:33 -0400
- To: Ben Francis <bfrancis@mozilla.com>
- Cc: public-webapps <public-webapps@w3.org>
On May 27, 2014 at 3:31:15 PM, Ben Francis (bfrancis@mozilla.com) wrote: > > To be clear, this is the case I was talking about. The benefit > is that it makes it much easier to build a large "app store" of "tailored > app experiences for sites that lack manifests" without the involvement > of app authors themselves. For example,everything.me(http://everything.me) > may have a larger catalogue of "web apps" than the Firefox Marketplace > because the latter requires same-origin manifests and for app > authors to submit their own apps, whereas the former doesn't > require any involvement from app authors themselves. > > One risk of allowing cross-origin manifests might be that these > "tailored app experiences" are perceived by the actual app author > and/or end users as a "fake app" masquerading as the real thing. > In the longer term when additional features are added to the manifest > there could be additional risks. > > That is why I'm interested in feedback on whether this is a desirable > feature or not. That's a very good summary of both the use case and the problems. I'm also interested in hearing feedback. As Ben makes clear, "same-origin" basically kills installations from custom stores. It means one or two additional clicks for users to "install" an app - but we assure that apps are always being installed from "the source". -- Marcos Caceres
Received on Tuesday, 27 May 2014 19:54:02 UTC