Closed domenic closed 6 years ago
@domenic yes, that's the plan. @marcoscaceres: is this the one you had in mind?
Yep, and we need a strict referrer policy too.
@marcoscaceres let me quickly fix this, and you can open a separate issue with some details on referrer policy? Right now we use the default "client" referrer where it just gets the default referrer URL of the global like everything else, but we can easily change that.
Now that we have a client, we should be respecting the CORS protocol in all these fetches. I meant to include this in #21 but did not.
In particular, this would mean that cross-origin manifests would need to have the proper headers, such as
Access-Control-Allow-Origin: *
.This would apply for both the PMM fetching and the web app manifest fetching.
@rsolomakhin is this reasonable in Chrome's implementation?