On 8/5/2013 1:41 PM, Mark Giffin wrote:
On 8/5/13 9:49 AM, Harald Kirschner wrote:
you need the origin for 2 purposes:

Cross Origin Resource Sharing (CORS - http://enable-cors.org/) gives a server the authority to accept and reject requests by origin. When you open a server up because you don't know the origins of your clients, you basically allow requests from the whole web. You can restrict your server to a list of known origins when your clients have known origins, like apps with "origin".

Thanks Harald! So are you saying that CORS is required if you want to make use of your app://my-app.com URL?

Also, how can we say that "app://my-app.com" is an origin when "app:" is not a standard protocol (yet)? I don't get any site or anything when I type app://my-app.com in a browser.

Since webapps can be hosted on any server, who gets to control the origin listed in the app manifest?

e.g. could I put up a webapp on my own server with any origin listed in its manifest? Or is there a relationship between the app origin and the http: or https: domain on which the app is found? Could I publish a packaged app which was actually same-origin with another app just by specifying a matching origin in the manifest?

--BDS
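
The origin restriction Harald describes above, shown as an added example that is not part of the thread or of any Mozilla code: a server-side allow-list check beside the open wildcard policy. It assumes the client sends its origin (such as "app://my-app.com") in the Origin request header; the function names and all sample origins other than that one are constructed for illustration.

```javascript
// Added example: CORS origin allow-list, with the wildcard policy for contrast.
// Assumption: the client sends its origin (e.g. "app://my-app.com") in the
// Origin request header. Sample origins below are constructed values.

const ALLOWED_ORIGINS = new Set([
  "app://my-app.com",         // origin string quoted in the thread
  "https://www.example.com",  // hypothetical web client
]);

// Open setting: any origin on the web may read the response.
function corsHeadersWildcard() {
  return { "Access-Control-Allow-Origin": "*" };
}

// Restricted setting: echo the origin back only on an exact allow-list match.
function corsHeadersAllowList(originHeader, allowed = ALLOWED_ORIGINS) {
  // Vary stops a shared cache from replaying one origin's response to another.
  const headers = { "Vary": "Origin" };
  if (typeof originHeader !== "string") return headers; // no Origin header sent
  // Exact string comparison only: no prefix, suffix or substring matching,
  // so "app://my-app.com.other.example" is not treated as "app://my-app.com".
  if (allowed.has(originHeader)) {
    headers["Access-Control-Allow-Origin"] = originHeader;
  }
  return headers;
}

// Constructed sample Origin header values.
const SAMPLE_ORIGINS = [
  "app://my-app.com",
  "https://www.example.com",
  "app://my-app.com.other.example", // look-alike, must not match
  "http://www.example.com",         // different scheme, so a different origin
  "null",                           // opaque origin
  undefined,                        // request without an Origin header
];

// Returns, for each sample, whether the allow-list policy grants access.
function evaluateSamples() {
  return SAMPLE_ORIGINS.map((origin) => ({
    origin,
    allowed: "Access-Control-Allow-Origin" in corsHeadersAllowList(origin),
  }));
}

console.log(evaluateSamples());
```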

_______________________________________________
dev-webapps mailing list
https://lists.mozilla.org/listinfo/dev-webapps