On 05/25/2012 11:11 PM, Adam Barth wrote:
On Fri, May 25, 2012 at 7:39 AM, Marcos Caceres<[email protected]> wrote:
On Sunday, May 13, 2012 at 5:47 PM, Anant Narayanan wrote:
installs_allowed_from: An array of origins that are allowed to trigger
installation of this application. This field allows the developer to restrict
installation of their application to specific sites. If the value is omitted,
installs are allowed from any site.
How are origins parsed?
I'm not sure what the question means, but origins are essentially a
combination of [protocol]://[hostname]:[port]. Whenever an install is
triggered, the UA must check if the origin of the page triggering the
install is present in this array. * is a valid value for
installs_allowed_from, in which case the UA may skip this check.
By parsing I mean which ones win, which ones get discarded, what happens to
invalid ones, are they resolved already, etc. in the following:
installs_allowed_from: [ " http://foo/ ", "bar://", 22, "https://foo/bar/#*";, "http://foo:80/";,
"wee!!!", "http://baz/hello there!", "http://baz/hello%20there!";]
And so on. So, all the error handling stuff. Or is a single error fatal?
I seem to have missed the context for this thread, but typically
origins are not parsed. They're compared character-by-character to
see if they're identical. If you have a URL, you can find its origin
and then serialize it to ASCII or Unicode if you want to compare it
with another origin.
Ah we could certainly do this, but in our current implementation a
single error is fatal. I do like the idea of not making sure that the
origins are valid, especially for installs_allowed_from.
-Anant
