On Mon, Jul 9, 2012 at 4:24 PM, Jason Duell <[email protected]> wrote: > On 07/09/2012 10:04 AM, Jonas Sicking wrote: >> >> To make things as webby as possible though, I >> think such URLs should be given a "real" domain, like app:// >> developer.com/myapp.html. > > Why not just have app:// links always be relative to the app manifest main > page? It's still 'webby' to have URIs like "app://foo.html". It makes it > really clear that you can't access URIs not in the package via the app: > protocol. And finally it allows supporting apps w/o a "home domain" if we > want that.
I sort of like having a domain. For one it means that when making CORS requests we'll have a real origin which the connected to server can use to decide if the request should be allowed or not. And when sending postMessages to contained iframes we can set the .origin property on the message to something useful. Likewise, it means that we have something useful to send in the "Referer" (sic) header. These were the things I could come up with off the top of my head. I suspect there are more given how integrate of a part domains and origins are in the web security model. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
