Allow to define cookies and/or HTTP headers for `extra-data`

[bam80]

It's just like capability wget has, to load from the sources protected by username/password: https://stackoverflow.com/a/23454894

713

https://github.com/flathub/flathub/pull/994

[TingPing]

This seems a bit odd to me. If flatpak wants to be able to authenticate purchases that is useful but hardcoding credentials for extra-data is very hacky. It also doesn't help your usecase on flathub either since users do have to actually purchase things themselves.

[bam80]

What I meant is that you hardcode only patterns for the headers, but actual substituted values would be asked from user at install time. For my case, user first purchases the game on it's site as usual, but then inputs his credentials second time while installing the flatpak, to download it as extra-data. I think that kind of duplication is inevitable and wouldn't hurt much

[bam80]

@TingPing is it clear now? What do you think?

[TingPing]

I don't think I like the sound of it but I'm not the person you need to appease.

[bam80]

Who is that person then? @alexlarsson @matthiasclasen

But it seems to me #713 could be easier implemented, and would hopefully allow to merge flathub/flathub#994

[Mikenux]

@bam80 @TingPing

If an app requires authentication to upload data, I think this is something to implement in the app. I don't see the point for a user to authenticate at install time. This would also block app installation in automatic install contexts.

[TingPing]

I'll close this as its too broad in scope. It would be impossible to make a good UX around setting arbitrary cookies/headers.