Define identity of a web app. #272
Comments
|
//cc @sicking @mounirlamouri do you have any thoughts on the above? |
|
The obvious answer is the manifest URL. Are there any other suggestions? |
|
Given the lack of other ideas. I think we should simply go with the manifest URL yes. |
|
I wouldn't say there is a "lack of ideas" - we just haven't gotten around to this yet. |
|
I think this needs to be a very high priority as it's likely to affect a lot of other features. For example the ServiceWorker registration API might affect what we do here. |
|
Prioritized. Will work on this next. |
marcoscaceres
changed the title
|
Shouldn't the spec state that the identifier is the manifest's canonicalized URL, so that: |
|
Yeah. That sounds right. Is there a difference between canonical URL and resolved URL? I.e. do you need to do anything extra to get the canonical URL after you resolve a URL against its base-URL? |
|
To clarify, URLs are not their serialized string representations - they are objects. Once a string is parsed to a URL, paths are normalized. Hence, there is no such thing as canonical URLs or resolved URLs. There are just URLs. The spec always treats URLs as being in their object form (being parsed from string input) - so adding clarifications like the above wouldn't really help too much. |
|
This makes sense. |
|
@opoto thanks! fixed the busted link. There is some ongoing work to fix cross-document references in the tool I'm using to generate the spec (Respec). That should allow for more seamless jumping between concepts and their definitions. I'm a bit hesitant to add (non-normative) clarifications for concepts defined in other specs, as every time I've done that it's not ended well: either the other document changes and there is a slight mismatch in definition (leading to confusion) - or the Editor of the other spec gets upset because I'm redefining their stuff. |
* 'identity' of github.com:w3c/manifest: Define identity of a web app (closes #272) Conflicts: index.html
# The first commit's message is: Define identity of a web app (closes #272) # The 2nd commit message will be skipped: # Fixup # The 3rd commit message will be skipped: # Fixup
* 'identity' of github.com:w3c/manifest: # This is a combination of 3 commits. # The first commit's message is: Define identity of a web app (closes #272)
Define identity of a web app (closes #272)
|
Elsewhere, I proposed that identity be handled by the OS.
|
|
@marcosc - In a2e8c31#commitcomment-9254539 you wrote:
I'm afraid that I don't fully understand your notion of identity. Why do we even need to have application identity in the manifest spec? At one point the manifest was regarded as just another resource with additional info about the app. |
|
I agree with @marcosc - "authoring requirements" and "best practices" have no meaning for implementations and thus will be ignored in real world. |
|
OK. How about if the "name" field was compulsory, and the start_url was resolved against the manifest URL (can use absolute URL if needs to be cross-origin)? These are things I'd quite like to see anyway and would make sharing a manifest between apps quite impractical. |
|
If we're starting to think of manifests as standalone resources, we need to make start_url obligatory (and maybe not "purely advisory" as well). |
|
Yes, or make start_url have a default of "/" or the directory of the manifest. |
|
Yes. Exactly. It has to point somewhere. |
|
For the record.... Different understandings of the role of the web manifestThis document discusses pros and cons that can arise with the "additive" approach, defined in detail below, being taken in the current standardization of the web manifest. This document proposes an alternative approach that treats the manifest as "authoritative metadata" about a web application. What we mean by authoritative is also described in detail below. Our alternative "authoritative" approach is not without it's own set of pros and cons, but Mozilla would like to present it to other implementers for consideration - particularly as we believe it allows for a different life-cycle management than the current additive approach. Additionally, as the folks standardizing the web manifest have not yet finalized the design of the specification (and no one fully implements it), the cost of switching models might not be too high if other implementers agree. As such, we would appreciate your thoughts on which model would be best to pursue (i.e., continue down current "additive" path or take the "authoritative" approach... or maybe some kind of hybrid approach). Manifest as additive, and its implicationsTo date, the W3C specification has been written with an assumption that the manifest provides additive metadata about a web application (i.e., a collection of web pages). It is additive in the sense that it overrides, amends, or works in concert with metadata found in a web page. For instance, it is valid per spec to have a manifest that contains only the following information: {
"orientation": "landscape",
"display": "standalone",
"scope": "/clockapp/",
"short_name": "Clock"
}And have that associated with a page, "/clockapp/index.html" in the following manner: <!doctype html>
<title>The World Clock — Worldwide</title>
<link rel=manifest href="//:cdn.bar.com/manifest.json">
<meta name='application-name' value='World Clock'>
<link rel='icon' href='clock.ico' sizes='16x16 32x32 48x48 64x64'>As per the current processing rules of the manifest spec, this allows the UA to merge what is declared in the manifest and whatever metadata can be gathered from the DOM of the page from which the web application is being "bookmarked" or "added to home screen". Combining the raw JSON manifest and the metadata from the web page, would yield a "processed manifest" that would look like: {
"orientation": "landscape",
"display": "standalone",
"scope": "/clockapp/",
"short_name": "Clock",
"name": "World Clock",
"icons": [{
"src": "clock.ico",
"sizes": "16x16 32x32 48x48 64x64"
}]
}At install time, the above processed manifest is used to compose a UI dialog that allows the user to install the application. Rationale of additive modelThe rationale for the current additive design and processing model is to leverage legacy metadata declarations found in existing web content. For instance, research conducted by Mozilla in October 2013 showed that In addition, as is the nature of all Web standards, it was assumed that cross-vendor implementation would be gradual - hence this additive model would allow developers to incrementally transition web page metadata from web pages to manifests over approximately 2-6 years (average time for cross-browser parity is +5-7 years). We are currently on ~year 2. Pros
Cons
Manifest as authoritativeThe manifest as authoritative means that the manifest serves as the absolute "source of truth" about a web application - making it distinct from metadata found in individual documents of a web application. As such, when processing the manifest, no fallback metadata is gleaned from the Document from which the manifest was derived. Rationale of authoritative approachThe rationale for the authoritative approach is to make the manifest a useful/standalone resource in its own right: with metadata describing a web app as a whole (all URLs within a defined "scope"), which is separate from metadata describing any single web page from which the manifest might be linked. This allows a manifest to be used independently of any document that makes up the web application itself (e.g., from a marketplace). This is achieved by restricting the manifest to a particular origin:
Pros
Cons
|
|
Ok, so, I think the only sensible compromise position is:
Also, protection against XSS attack is provided by manifest-src. So, evil.com won't be able to inject itself into good.com. |
|
@benfrancis, @sicking, @jmajnert, @kenchris, @PaulKinlan, @anssiko, @mounirlamouri, @alxlu, @slightlyoff, agree with #272 (comment)? |
Yes.
I think you keep misunderstanding the problem people are talking about here. The problem is not other people using your manifest for their own content (what use would that be to them?). It's other people re-packaging your content as an app by creating their own manifest for your content and showing ads in splashscreens, changing the start_url for phishing purposes or selling it in an app store etc. This is why I think the solution needs to be on the app content end, not the manifest end, and is why I suggested the idea of using the CSP header to determine whether to render a page. |
|
(it's similar to the phishing problem that X-Frame-Options solves, which is why I was exploring a similar solution) |
I don't understand how is that even possible with the current spec? Can you show how you would do that, concretely, with say IRC cloud? |
|
(you lose 10 points if you say "marketplace") |
The truth is that it mostly isn't a problem if you assume that web apps are only ever installed from a page of the app, which is the assumption the spec makes. A side effect of this is that the manifest is not a trustable resource in its own right, it can only be used in conjunction with a page of the app. This is why I'm pushing for an answer on whether installing from an app store is considered a valid use case of a web manifest. For example:
As I understand it this was basically the rationale for the same-origin restriction on Firefox Apps. Whether or not this is important for web manifest depends largely on whether installing web apps from an app store, or using the manifest as a useful resource independently of a web page it might be referenced from, are considered valid use cases. |
Yes, which is exactly why I've never understood what the hell you people were talking about :)
Not for this spec. No.
It can't do that. This is already banned.
-10 points (you were warned! :)).
It's not. The assumption is that you install at the application site, not from an app store.
This one is, but only in relation to performing updates of icons, etc. |
OK, I'm fine with that. But are the Firefox Marketplace team, Microsoft and Crosswalk OK with that? |
Hence the ping to everyone. Note that we ripped the manifest out of the Sysapps Working Group to make it work with "The Web" (:tm:) - and not with marketplaces on purpose. Marketplaces have their own set of requirements which are incompatible with this specification. If that's now changing again, this should bounce back to SysApps (at which point I would hand over the editorial reins to people who better understand the requirements around marketplaces, etc.). |
|
OK, let's wait for feedback from others on whether the app store use case is essential to them. In the mean time... How does the current spec deal with this scenario?:
Doesn't this bypass the mechanism which is supposed to ensure that the start URL is same-origin with the page the app was installed from? |
No. The start URL is resolved and forced same origin to the page the app was installed from. If that fails, you get the Document url. So, to update, you need to keep a record of the page where you installed from. |
+1. This is IMO the most sensible approach
+1. As @benfrancis noted, this doesn't solve the rogue-app-store scenario in which the manifest is the only source about information about the app. IMHO, a sensible app store would validate such an app submission by visiting the app's site and checking for example if the app links to the same manifest. |
|
There was once a discussion on the workflow of installing an app from the app store. From what I remember:
For "special" app stores, like FxOS marketplace or Xwalk store, it's up to the store to validate the manifests and provide a special installation API if they wish to have their own installation UX |
I agree with this too.
Can't a developer already do something worse than this?
|
|
Ok, so I'm going to make manifest metadata authoritative and enable CORS by default. I think it's a fair compromise and will allow us to move forward. |
+1 |
The text was updated successfully, but these errors were encountered: