W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2014

Re: [manifest] Fetching restriction, Re: [manifest] Update and call for review

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 28 May 2014 10:37:39 +0200
Message-ID: <CADnb78gN97BqKfCifnOR+tw8moT4hOGRvQdVNRW6sfVm=K+Hcw@mail.gmail.com>
To: Marcos Caceres <w3c@marcosc.com>
Cc: Ben Francis <bfrancis@mozilla.com>, public-webapps <public-webapps@w3.org>
On Tue, May 27, 2014 at 9:53 PM, Marcos Caceres <w3c@marcosc.com> wrote:
> On May 27, 2014 at 3:31:15 PM, Ben Francis (bfrancis@mozilla.com) wrote:
>> One risk of allowing cross-origin manifests might be that these
>> "tailored app experiences" are perceived by the actual app author
>> and/or end users as a "fake app" masquerading as the real thing.
>> In the longer term when additional features are added to the manifest
>> there could be additional risks.
>>
>> That is why I'm interested in feedback on whether this is a desirable
>> feature or not.
>
> That's a very good summary of both the use case and the problems. I'm also interested in hearing feedback. As Ben makes clear, "same-origin" basically kills installations from custom stores.

Wait what? Man-in-the-middling someone's content is not a use case.


-- 
http://annevankesteren.nl/
Received on Wednesday, 28 May 2014 08:38:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:24 UTC