Closed Bug 1095461 Opened 5 years ago Closed 4 years ago
Honour manifest-src CSP directive when obtaining a manifest
The algorithm for obtaining a web manifest  requires that the user agent honour the manifest-src CSP directive. 1. https://w3c.github.io/manifest/#obtaining
As I understand it, by default the manifest spec allows for a manifest to be hosted on a different origin from the web page which links to it in a <link rel="manifest"> element, as long as the start_url is same-origin with the web page linking to the manifest. However, the spec also requires that the user agent honour a manifest-src CSP directive if the developer wishes to lock this down further.
duplicated with Bug 1089255?
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1089255
You need to log in before you can comment on or make changes to this bug.