Closed Bug 876984 Opened 7 years ago Closed 7 years ago
Create an API for changing manifest URLs
This feature enables the following app use-cases: - Apps can do custom feature profiling, according to their own measures, to choose which content and features within apps to install or leverage. - Marketplace can prevent apps from breaking with incompatible updates (when possible) - Marketplace can implement hosted app blocklisting (with minimal effort) - Marketplace can aid partners and users experiencing issues caused by domain registrars - Marketplace can aid partners to transition apps to use HTTPS (currently not possible) Suggested restrictions for this API: - May only be used by privileged apps (requires "change_manifest" permission) - May only be used to change manifest URLs of apps installed by the calling app Potential risks: - Devices experiencing man-in-the-middle attacks could be manipulated to install potential malware without user action - Marketplaces whose servers have been compromised could potentially install potential malware without user action Example usage: navigator.mozApps.changeManifest("http://foo.com/url.webapp", "https://bar.com/url.webapp")
Based on the thread in dev-webapps, I do not think there is a huge consensus behind this. I would like the discussion to happen in the mailing-list instead of in the bug if possible.
I'm going to close this for now until we get clear agreement on what to do here. When we get agreement, file a new bug on what we plan to do. See https://bugzilla.mozilla.org/show_bug.cgi?id=873900#c30 as well on what I think the right path forward is.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Actually, I screwed up my comment 2 here. Meant to say - let's get agreement on dev-webapps before we move forward with an API definition.
You need to log in before you can comment on or make changes to this bug.