Closed amandabaker closed 2 months ago
or should we just add a "action
" field to the install_sources
list? This would allow to specify to allow/deny installation from the origin that is in the entry.
Example:
"install_sources": [
{"origin": "apps.microsoft.com", "action": "allow"},
{"origin": "store.app", "action": "deny"}
]
This doesn't propose any functional changes to the API, but for the sake of clarity and future proofing the API, should
install_sources
be renamed toallowed_install_sources
?This improves clarity by showing that
allowed_install_sources
would behave the same way regardless of whetherallow_all_install_sources
is set to true, false, or is unset. Initially I thought thatinstall_sources
may function as a block list ifallow_all_install_sources
were set to true.Additionally, it helps to future-proof the API if there is developer feedback that a list of blocked install sources is valuable (e.g. a developer wants to allow all origins to install their app except for a known malicious/questionable origin). Currently there is no signal that this is valuable, but switching to
allowed_install_sources
would help balance the potentialblocked_install_sources
if it were added in the future.cc: @diekus @HowardWolosky @Kbhlee2121