On 05/08/2013 19:04, Benjamin Smedberg wrote:
On 8/5/2013 1:41 PM, Mark Giffin wrote:
On 8/5/13 9:49 AM, Harald Kirschner wrote:
you need the origin for 2 purposes:
Cross Origin Resource Sharing (CORS - http://enable-cors.org/) gives
a server the authority to accept and reject requests by origin. When
you open a server up because you don't know the origins of your
clients, you basically allow requests from the whole web. You can
restrict your server to a list of known origins when your clients
have known origins, like apps with "origin".
Thanks Harald! So are you saying that CORS is required if you want to
make use of your app://my-app.com URL?
Also, how can we say that "app://my-app.com" an origin when "app:" is
not a standard protocol (yet)? I don't get any site or anything when I
type app://my-app.com in a browser.
Since webapps can be hosted on any server, who gets to control the
origin listed in the app manifest?
The origin manifest property is only available to privileged apps (so
packaged). Hosted need not apply.
e.g. could I put up a webapp on my own server with any origin listed in
its manifest? Or is there a relationship between the app origin and the
http: or https: domain on which the app is found?
No, the signing means self-hosted packaged apps won't install.
> Could I publish a
packaged app which was actually same-origin with another app just by
specifying a matching origin in the manifest?
You could, assuming they both passed review on Marketplace (or some
other future store with an appropriate review proceudre). Verifying
that apps are allowed to use the origin is
https://bugzilla.mozilla.org/show_bug.cgi?id=883185
Afaik, Gaia will baulk if you actually try to install both apps on the
same device though.
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
