Loosen restriction on http(s)

[mattgarrish]

As noted by @BigBlueHat in #131 (comment), the restriction to using http(s) for resources when we're not bound to web publications is probably overly restrictive.

Reproducing the relevant parts of that thread below:

BigBlueHat

What about relative URLs?

I'm also concerned about restricting this to http and https. Imagine if this spec were older and restricted it to just http URLs...and then https came along...i.e. not sure restricting scheme--when we don't also restrict a protocol or intended API usage--makes much sense.

iherman
...
However, I fully agree with the second comment. It actually may also create issues with off-line UA implementations which may, in URI terms, rely on file: URIs, in fact, because everything is within a package. So yes, it is clearly an issue to discuss

[mattgarrish]

For context, here's the current restriction:

Manifest URLs are restricted to only the http and https schemes [url].

https://w3c.github.io/pub-manifest/#value-url

[mattgarrish]

I'm fine with dropping the restriction, fwiw, especially at this level. If profiles want/need to restrict the schemes, better to leave that decision to be made at the practical level.

[dauwhe]

It's possible bundled exchanges would be a new protocol.