Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change the default value for start_url #670

Closed
wants to merge 8 commits into from
Closed

Change the default value for start_url #670

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
169c502
Default start_url to . instead of the document URL.
mgiuca May 4, 2018
680bd65
Added an extra note.
mgiuca May 7, 2018
d52ddfc
Further updates to informative notes.
mgiuca Jun 1, 2018
3481fc5
Fix uls to ols.
mgiuca Jun 15, 2018
8578986
Fix default start_url to ensure it is same-origin as document.
mgiuca Jun 15, 2018
3a1e84a
Make document URL optional in processing manifest.
mgiuca Jun 15, 2018
ee64374
Added a new issue box.
mgiuca Jun 15, 2018
f2007cc
Move and rewrite issue box.
mgiuca Jun 20, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 52 additions & 15 deletions index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -805,7 +805,10 @@ <h2>
<a>scope</a> is missing, the navigation scope will be
<code>/pages/</code> on the same origin. If <a>start_url</a> is
<code>/pages/</code> (the trailing slash is important!), the
navigation scope will be <code>/pages/</code>.
navigation scope will be <code>/pages/</code>. If both
marcoscaceres marked this conversation as resolved.
Show resolved Hide resolved
<a>start_url</a> and <a>scope</a> are missing, they will both default
to the parent path of the manifest URL (assuming it is
<a>same-origin</a> as the document that referenced it).
</p>
<p>
Developers should take care, if they rely on the default behaviour,
Expand Down Expand Up @@ -1338,6 +1341,15 @@ <h3>
<li>Return <var>manifest</var> and <var>manifest URL</var>.
</li>
</ol>
<p class="issue">
There is currently no specified way to obtain a manifest without an
associated <a>top-level browsing context</a>. However, several user
agents do just that (when they install a web application directly
from a manifest URL, without a document). This algorithm, and the
<a>steps to install the web application</a>, should similarly be
written to not require a document. See <a href=
"https://github.com/w3c/manifest/issues/668">#668</a>.
</p>
<div class="note">
<p>
Authors are encouraged to use the HTTP cache directives to
Expand Down Expand Up @@ -1426,9 +1438,9 @@ <h3>
following algorithm. The algorithm takes a <a>string</a>
<var>text</var> as an argument, which represents a <a>manifest</a>,
and a <a>URL</a> <var>manifest URL</var>, which represents the
location of the manifest, and a <a>URL</a> <var>document URL</var>.
The output from inputting an JSON document into this algorithm is a
<dfn>processed manifest</dfn>.
location of the manifest, and an optional <a>URL</a> <var>document
URL</var>. The output from inputting an JSON document into this
algorithm is a <dfn>processed manifest</dfn>.
</p>
<p class="issue">
We need to catch throws associated with enumerations in IDL
Expand Down Expand Up @@ -1801,13 +1813,13 @@ <h3>
<var>base</var> URL.
</li>
<li>If <var>scope URL</var> is failure:
<ul>
<ol>
<li>
<a>Issue a developer warning</a>.
</li>
<li>Return <var>default</var>.
</li>
</ul>
</ol>
</li>
<li>If <var>start URL</var> is not <a>within scope</a> of scope URL:
<ol>
Expand Down Expand Up @@ -1976,41 +1988,66 @@ <h3>
The steps for <dfn>processing the <code>start_url</code> member</dfn>
are given by the following algorithm. The algorithm takes a
<a>USVString</a> <var>value</var>, a <a>URL</a> <var>manifest
URL</var>, and a <a>URL</a> <var>document URL</var>. This algorithm
returns a <a>URL</a>.
URL</var>, and an optional <a>URL</a> <var>document URL</var>. This
algorithm returns a <a>URL</a>.
</p>
<ol>
<li>If <var>document URL</var> is given, and <var>manifest URL</var>
is not <a>same origin</a> as <var>document URL</var>, let
<var>default</var> be <var>document URL</var>.
</li>
<li>Otherwise, let <var>default</var> be the result of <a>parsing</a>
".", using <var>manifest URL</var> as the <var>base</var> URL.
</li>
<li>If <var>value</var> is the empty <a>string</a>, return
<var>document URL</var>.
<var>default</var>.
</li>
<li>Let <var>start URL</var> be the result of <a>parsing</a>
<var>value</var>, using <var>manifest URL</var> as the
<var>base</var> URL.
</li>
<li>If <var>start URL</var> is failure:
<ul>
<ol>
<li>
<a>Issue a developer warning</a>.
</li>
<li>Return <var>document URL</var>.
<li>Return <var>default</var>.
</li>
</ul>
</ol>
</li>
<li>If <var>start URL</var> is not <a>same origin</a> as
<var>document URL</var>:
<li>If <var>document URL</var> is given, and <var>start URL</var> is
not <a>same origin</a> as <var>document URL</var>:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the document URL is not given, and the start_url has a different origin from the manfiest_url, should we require/recommend the parser of the manifest to verify that the start_url's origin acknowledge this manifest_url?

<ol>
<li>
<a>Issue a developer warning</a> that the <a>start_url</a>
needs to be <a>same-origin</a> as <code>Document</code> of the
<a>top-level browsing context</a>.
</li>
<li>Return <var>document URL</var>.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed offline: this is broken for the case where you have a manifest with no start_url hosted on originA, which is a different origin to your document URL (originB). In that case, the start_url will be set to something on originA, which is still a different origin to the document URL.

We need to check the default value when creating it to make sure it is same-origin with document URL.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is correct, and quite annoying as it seems we can't (yet) detach our dependency on the document URL.

I've added a new step which falls back to document URL as the default, if manifest is not same-origin as the document. This will be cleaned up once we fully detach the document URL.

<li>Return <var>default</var>.
</li>
</ol>
</li>
<li>Otherwise, return <var>start URL</var>.
</li>
</ol>
<div class="note">
<p>
The default start URL (if <code>start_url</code> is omitted or an
error) is the <var>manifest URL</var>, with its filename, query,
and fragment removed.
</p>
<p>
This default was changed in June 2018. Manifest authors might wish
to avoid relying on the default behaviour (and explicitly specify
this member), as user agents might still respect the previous
default (the document URL), or ignore the manifest entirely if
<a>start_url</a> is missing.
</p>
<p>
This doesn't apply if the manifest is not <a>same-origin</a> as the
document that referenced it.
</p>
</div>
<div class="example">
<p>
For example, if the value of <a>start_url</a> is
Expand Down