Closed Bug 876984 Opened 7 years ago Closed 7 years ago

Create an API for changing manifest URLs


(Core Graveyard :: DOM: Apps, defect)

Not set


(Not tracked)



(Reporter: dbuchner, Unassigned)


This feature enables the following app use-cases:

- Apps can do custom feature profiling, according to their own measures, to choose which content and features within apps to install or leverage.
- Marketplace can prevent apps from breaking with incompatible updates (when possible)
- Marketplace can implement hosted app blocklisting (with minimal effort)
- Marketplace can aid partners and users experiencing issues caused by domain registrars
- Marketplace can aid partners to transition apps to use HTTPS (currently not possible)

Suggested restrictions for this API:

- May only be used by privileged apps (requires "change_manifest" permission)
- May only be used to change manifest URLs of apps installed by the calling app

Potential risks:

- Devices experiencing man-in-the-middle attacks could be manipulated to install potential malware without user action
- Marketplaces whose servers have been compromised could potentially install potential malware without user action

Example usage:

navigator.mozApps.changeManifest("", "")
Based on the thread in dev-webapps, I do not think there is a huge consensus behind this. I would like the discussion to happen in the mailing-list instead of in the bug if possible.
Component: DOM: Device Interfaces → DOM: Apps
I'm going to close this for now until we get clear agreement on what to do here. When we get agreement, file a new bug on what we plan to do.

See as well on what I think the right path forward is.
Closed: 7 years ago
Resolution: --- → INVALID
Actually, I screwed up my comment 2 here. Meant to say - let's get agreement on dev-webapps before we move forward with an API definition.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.