Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Web Install API - Cross-Origin #946

Open
plinss opened this issue Apr 15, 2024 · 1 comment
Open

Web Install API - Cross-Origin #946

plinss opened this issue Apr 15, 2024 · 1 comment
Assignees
@hober @LeaVerou
Labels
Focus: API design (pending) Focus: Security (pending) Focus: Web architecture (pending) Missing: venue Mode: breakout Work done during a time-limited breakout session Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review Review type: CG early review An early review of general direction from a Community Group

Comments

@plinss
Copy link
Member

plinss commented Apr 15, 2024
edited

Hola TAG!
I'm requesting an early TAG review of the Web Install API.

The Web Install API allows a web site to install a web app (cross domain). This functionality allows the creation of web based catalogues that can install PWAs directly from the web and into multiple platforms.

  • Explainer¹ (minimally containing user needs and example code): Explainer
  • User research: N/A
  • Security and Privacy self-review²: Security Questionnaire
  • GitHub repo (if you prefer feedback filed there): GitHub repo
  • Primary contacts (and their relationship to the specification):
    Diego Gonzalez, GitHub, Microsoft
  • Organization/project driving the design: Microsoft Edge
  • External status/issue trackers for this feature: Chrome Status

Further details:

  • [ X ] I have reviewed the TAG's Web Platform Design Principles
  • The group where the incubation/design work on this is being done (or is intended to be done in the future):
  • The group where standardization of this work is intended to be done ("unknown" if not known): Unknown/webapps
  • Existing major pieces of multi-stakeholder review or discussion of this design: N/A
  • Major unresolved issues with or opposition to this design: N/A
  • This work is being funded by: Microsoft Edge

You should also know that...

there's plenty of positive developer feedback for an API like this one!
@plinss plinss mentioned this issue Apr 15, 2024
Open
@LeaVerou
Copy link
Member

@plinss, @hober and I looked at this today during a breakout. We didn't quite understand how the flow is supposed to work for the app store use case. How would the app store get manifest ids, given that it seems the only way to procure a manifest id is after installation? Why not simply provide URLs to manifest files? What does the additional complexity of a manifest id get us?

Also, the install_sources field seems to largely be replicating CORS functionality. Obviously, installing is a markedly different use case than reading, so there needs to be some way to declare the author intent that not every website that can read the manifest should be able to install the app, but an Access-Control-Allow-* header seems like a more natural fit for this.

@rhiaro rhiaro added Review type: CG early review An early review of general direction from a Community Group Missing: venue Mode: breakout Work done during a time-limited breakout session Focus: API design (pending) Focus: Web architecture (pending) Focus: Security (pending) labels May 6, 2024
@rhiaro rhiaro assigned rhiaro, hober and LeaVerou and unassigned rhiaro May 6, 2024
@rhiaro rhiaro added Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review and removed Progress: untriaged labels May 6, 2024
@torgo torgo added this to the 2024-05-20-week:c milestone May 19, 2024
@plinss plinss removed this from the 2024-05-20-week:c milestone May 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hober hober

@LeaVerou LeaVerou

Labels
Focus: API design (pending) Focus: Security (pending) Focus: Web architecture (pending) Missing: venue Mode: breakout Work done during a time-limited breakout session Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review Review type: CG early review An early review of general direction from a Community Group
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@hober @LeaVerou @torgo @rhiaro @plinss