Support for mjs_extended_scope manifest member

pwa-builder / PWABuilder-CLI

Node.js tool for App Generation

Other

1.63k stars 142 forks source link

Support for mjs_extended_scope manifest member #183

Closed ghost closed 8 years ago

ghost commented 8 years ago

Replace mjs_access_whitelist with mjs_extended_scope to make more clear the purpose of this setting (i.e. define multiple navigation scope rules).

kenchris commented 8 years ago

@boyofgreen Ah so it is not the scope which is extended. It is the scope for access to extra Windows APIs.

Why not having something like:

mjs_winrt_access_rule mjs_winrt_access_scope

to show they belong together (name could be different)

ghost commented 8 years ago

Actually, it is extending scope. We believe that scope should support multiple origins (see this comment).

mjs_extended_scope allows specifying multiple navigation rules as an array of URL patterns. An URL matching any of these rules will open inside the app.

mjs_extended_scope: [
 "http://domain1.com",
 "http://domain2.com/*",
 "*://domain3.com"
]

Regarding API access rules (either for Windows or for any other platform) they should be specified in the mjs_api_access member.

boyofgreen commented 8 years ago

Yes, it's not completely unheard of to have an app that crosses domains. Fox news is a good example: http://www.foxnews.com/manifest.json This may not get used a lot, but we need to have some mechanism to allow it.

marcoscaceres commented 8 years ago

Although I complete agree, and have plenty of example sites that span multiple origins, in the past we received a lot of pushback from security folks about supporting cross-origin scopes.

I understand their concerns and I think we need to keep pushing on this, but we might need to raise this with the W3C Web Apps Sec WG and see if we can come up with something suitable. Multi-origin sites are a reality today (even if the navigation is as simple as changing sub-domains), so I also think we need to find a solution allowing cross-origin navigation.

On November 26, 2015 at 1:16:52 AM, Jeff Burtoft (notifications@github.com) wrote:

Yes, it's not completely unheard of to have an app that crosses domains. Fox news is a good
example: http://www.foxnews.com/manifest.json This may not get used a lot, but we need to have some mechanism to allow it.

Reply to this email directly or view it on GitHub: https://github.com/manifoldjs/ManifoldJS/issues/183#issuecomment-159637705

boyofgreen commented 8 years ago

@marcoscaceres I'll move this over to your GitHub repo, as I think about the end game for scope, and what an awesome experience it could become, I don't want to break that either. Potentially we need to consider a way to allows urls that are clicked within the app to be kept in the app experience, without needing them to be in the app scope.

marcoscaceres commented 8 years ago

@boyofgreen, sounds great... you probably saw I'm trying to kick off the discussion there too. I'm hoping to have better support in Firefox by early next year for web manifest, so that should help us understand the challenges better as we start consuming content. Note that next month things are going to slow down significantly because of holidays + a scheduled Mozilla event (which is happening all next week ).