Check for secure context before installing web app

[iTrooz]

PWA should only be installable in a secure context: https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps/Guides/Making_PWAs_installable#secure_context

Initially, I wanted the replace the current https check by secure context, because I couldn't install a PWA from localhost. But it turned out to be more complicated than this, because then we could load the manifest over http.
But checking for secure context in itself is still probably a good thing to do

[filips123]

Is is possible that the document has HTTPS URL, but it's still not a secure context? Also, is there some way we could check if manifest is in a secure context (without checking for HTTPS, to also allow localhost and other URLs)?

[iTrooz]

Is is possible that the document has HTTPS URL, but it's still not a secure context?

I think so, yeah: "it must be served in a secure context. This usually means that it must be served over HTTPS"

Also, is there some way we could check if manifest is in a secure context

I don't think so, that's the reason I kept the https checks ):

[filips123]

This could probably still be simplified to:

manifestUrl && manifestUrl.protocol === 'https:' && isSecureContext

So, without the document URL HTTPS check. It shouldn't change anything (as the code was supposed to check for secure context in any case), but it's a bit shorter and cleaner.

[iTrooz]

It won't change anything for localhost/etc.. because the manifest url will still need HTTPS.
And I think keeping that redundant security condition just in case is good

But indeed, this normally shouldn't be any less secure than before. Do you want me to do that ?

[filips123]

It's probably fine.