Closed
Bug 876984
Opened 11 years ago
Closed 11 years ago
Create an API for changing manifest URLs
Categories
(Core Graveyard :: DOM: Apps, defect)
Core Graveyard
DOM: Apps
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: dbuchner, Unassigned)
Details
This feature enables the following app use-cases: - Apps can do custom feature profiling, according to their own measures, to choose which content and features within apps to install or leverage. - Marketplace can prevent apps from breaking with incompatible updates (when possible) - Marketplace can implement hosted app blocklisting (with minimal effort) - Marketplace can aid partners and users experiencing issues caused by domain registrars - Marketplace can aid partners to transition apps to use HTTPS (currently not possible) Suggested restrictions for this API: - May only be used by privileged apps (requires "change_manifest" permission) - May only be used to change manifest URLs of apps installed by the calling app Potential risks: - Devices experiencing man-in-the-middle attacks could be manipulated to install potential malware without user action - Marketplaces whose servers have been compromised could potentially install potential malware without user action Example usage: navigator.mozApps.changeManifest("http://foo.com/url.webapp", "https://bar.com/url.webapp")
Comment 1•11 years ago
|
||
Based on the thread in dev-webapps, I do not think there is a huge consensus behind this. I would like the discussion to happen in the mailing-list instead of in the bug if possible.
Updated•11 years ago
|
Component: DOM: Device Interfaces → DOM: Apps
Comment 2•11 years ago
|
||
I'm going to close this for now until we get clear agreement on what to do here. When we get agreement, file a new bug on what we plan to do. See https://bugzilla.mozilla.org/show_bug.cgi?id=873900#c30 as well on what I think the right path forward is.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Comment 3•11 years ago
|
||
Actually, I screwed up my comment 2 here. Meant to say - let's get agreement on dev-webapps before we move forward with an API definition.
Updated•7 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•