search

MicrosoftEdge / MSEdgeExplainers

Home for explainer documents originated by the Microsoft Edge team
Creative Commons Attribution 4.0 International
1.28k stars 199 forks source link

[Web Install] Should `install_sources` be `allowed_install_sources`? #781

Closed amandabaker closed 2 months ago

amandabaker commented 3 months ago

This doesn't propose any functional changes to the API, but for the sake of clarity and future proofing the API, should install_sources be renamed to allowed_install_sources?

This improves clarity by showing that allowed_install_sources would behave the same way regardless of whether allow_all_install_sources is set to true, false, or is unset. Initially I thought that install_sources may function as a block list if allow_all_install_sources were set to true.

Additionally, it helps to future-proof the API if there is developer feedback that a list of blocked install sources is valuable (e.g. a developer wants to allow all origins to install their app except for a known malicious/questionable origin). Currently there is no signal that this is valuable, but switching to allowed_install_sources would help balance the potential blocked_install_sources if it were added in the future.

cc: @diekus @HowardWolosky @Kbhlee2121

diekus commented 2 months ago

or should we just add a "action" field to the install_sources list? This would allow to specify to allow/deny installation from the origin that is in the entry.

Example:

"install_sources": [ 
        {"origin": "apps.microsoft.com", "action": "allow"},
        {"origin": "store.app", "action": "deny"}

    ]
amandabaker commented 2 months ago

Related https://github.com/MicrosoftEdge/MSEdgeExplainers/issues/785