-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Web Install API - Cross-Origin #946
Comments
@plinss, @hober and I looked at this today during a breakout. We didn't quite understand how the flow is supposed to work for the app store use case. How would the app store get manifest ids, given that it seems the only way to procure a manifest id is after installation? Why not simply provide URLs to manifest files? What does the additional complexity of a manifest id get us? Also, the |
Hola @hober @plinss and @LeaVerou, Thanks for your patience! In the app store use case, the developer must already have this information. Could be asked when an app is being submitted or previous information that someone wanting to link and install 3P apps can easily find out. For cross-origin installs, the installing origin needs to have the to-be-installed origin's manifest id beforehand. Part of the reason we prefer to have an id for the app instead of pointing to the manifest's URL is because this URL can change. The About CORS I think this is good feedback! I'd like to keep CORS functionality implementation open to a future/parallel expansion of Web Install for sure. To start though, CORS is a bit less developer friendly, and thinking about developer ergonomics I'd like to have the install origins definition not rely (only) on headers. If both CORS and manifest |
@diekus wrote:
Why? Having a manifest at all isn't required for the same-origin installation case, so why require it in the cross-origin one? |
Put another way: if any website can provide a button for the user to add it to the Home Screen or Dock, and if it's reasonable for some other website to be able to initiate that on the original site's behalf (a premise I'm not personally sold on but let's grant it for the sake of this conversation), why would we limit the second scenario to a(n inscrutable to the user) subset of websites? |
Hola @hober, thanks for your feedback, we've been pondering about the implications of First, we want to make both use cases require an This resolves the concern in a way that makes the API consistent independent of the use case (same/cross-origin) and doesn't require the same-origin to-be-installed-content to have a manifest id or to be a web app. We believe it prevents developers from creating a bad app ecosystem as well. In the case of cross-origin installations, the requirement is to be an installable app and to require a manifest due to bad actor potential and avoiding a bad site to install any URL. This is achieved by opting into the installation sources field, which is present in a manifest file. |
In case it's helpful, I modified my earlier proposal here to match what Diego is proposing after we had a discussion. I am in alignment with Diego here, and that doc goes a little more in depth into the use-cases & edge cases here related to supplying an id field. |
Hola TAG!
I'm requesting an early TAG review of the Web Install API.
The Web Install API allows a web site to install a web app (cross domain). This functionality allows the creation of web based catalogues that can install PWAs directly from the web and into multiple platforms.
Diego Gonzalez, GitHub, Microsoft
Further details:
You should also know that...
there's plenty of positive developer feedback for an API like this one!
The text was updated successfully, but these errors were encountered: