On Thursday, October 31, 2013 at 3:04 PM, Nilsson, Claes1 wrote:

> I want to say that we are interested in implementing the JSON manifest and 
> also to discuss additions to the manifest. Content security policies have 
> already been mentioned and we are looking at something similar to 
> http://developer.chrome.com/extensions/contentSecurityPolicy.html, which 
> allows inclusion of content security policies to support secure hosted apps 
> by defining schemes (https:) that are allowed to use for whitelisting secure 
> origins from which scripts should be accepted.

This is orthogonal to the manifest, as web apps can already do this. Adding 
this to the manifest would only be sugar to allow developers to tighten the 
CSP.  
> I would also like to better understand what a meta tag solution would mean.


See:  
https://developer.apple.com/library/safari/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html

And:
https://developers.google.com/chrome/mobile/docs/installtohomescreen

So, some standardized thing of the above (without the proprietary prefixes, of 
course).  

> However, as the manifest specification editor Marcos unfortunately is not 
> able to participate in TPAC I am not sure on the most efficient way to 
> discuss the manifest, a joint SysApps-WebApps session with Marcos calling in 
> or a mailing list discussion.

I’m happy to dial in, but would like to know specially what people want to 
discuss about it.  
  
> My main point is to stress our interest in the manifest specification and 
> additions to it.
>  

I think it’s more important to understand the use cases, and then we can 
evaluate if the manifest is the appropriate place to address those.   



Reply via email to