On May 27, 2014 at 3:31:15 PM, Ben Francis (bfrancis@mozilla.com) wrote: > > To be clear, this is the case I was talking about. The benefit > is that it makes it much easier to build a large "app store" of "tailored > app experiences for sites that lack manifests" without the involvement > of app authors themselves. For example,everything.me(http://everything.me) > may have a larger catalogue of "web apps" than the Firefox Marketplace > because the latter requires same-origin manifests and for app > authors to submit their own apps, whereas the former doesn't > require any involvement from app authors themselves. > > One risk of allowing cross-origin manifests might be that these > "tailored app experiences" are perceived by the actual app author > and/or end users as a "fake app" masquerading as the real thing. > In the longer term when additional features are added to the manifest > there could be additional risks. > > That is why I'm interested in feedback on whether this is a desirable > feature or not. That's a very good summary of both the use case and the problems. I'm also interested in hearing feedback. As Ben makes clear, "same-origin" basically kills installations from custom stores. It means one or two additional clicks for users to "install" an app - but we assure that apps are always being installed from "the source". -- Marcos CaceresReceived on Tuesday, 27 May 2014 19:54:02 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:24 UTC