Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Describe manifest update behavior #1011

Merged
merged 15 commits into from
Feb 17, 2022
Merged

Describe manifest update behavior #1011

Changes from 13 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
9534039
Describe manifest update behavior with app identity
philloooo Sep 29, 2021
1473290
fix missing section
philloooo Sep 30, 2021
482259b
Move privacy recommendations to second paragraph as recommended in pr…
philloooo Sep 30, 2021
fe8f846
Merge branch 'gh-pages' into update
marcoscaceres Oct 4, 2021
2b32672
Update index.html
philloooo Oct 11, 2021
a80d96f
Merge branch 'w3c:gh-pages' into update
philloooo Nov 2, 2021
ff204a0
address comments
philloooo Nov 2, 2021
b27c7ec
Merge branch 'gh-pages' into update
marcoscaceres Feb 3, 2022
a7231a4
Merge branch 'gh-pages' into update
marcoscaceres Feb 16, 2022
4e64aa4
Update index.html
philloooo Feb 17, 2022
4669fbf
Update index.html
philloooo Feb 17, 2022
c67e456
fix syntax
philloooo Feb 17, 2022
7f7f832
add some context to partial update
philloooo Feb 17, 2022
751e534
Update index.html
philloooo Feb 17, 2022
ca2e788
Remove report option
philloooo Feb 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 64 additions & 6 deletions index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -842,11 +842,12 @@ <h3>
application, it SHOULD treat that manifest as a description of a
distinct application, even if it is served from the same URL as that
of another application. When the user agent sees a manifest where
|manifest|["id"] [=url/equal|equals=] the [=identity=] of an
already-installed application, it SHOULD be used as a signal that
this manifest is a replacement for the already-installed
application's manifest, and not a distinct application, even if it is
served from a different URL than the one seen previously.
|manifest|["id"] is [=url/equal=] with [=URL serializer/exclude
fragment|exclude fragment true=] to the [=identity=] of an
already-installed application, it SHOULD be used as a signal that this
manifest is a replacement for the already-installed application's
manifest, and not a distinct application, even if it is served from a
different URL than the one seen previously.
</p>
<p class="note">
The [=identity=] can be used by a service that collects lists of web
Expand Down Expand Up @@ -1293,6 +1294,13 @@ <h3>
<li>[=Process the `id` member=] passing |json|, |manifest| and
|document URL|.
</li>
<li>
If the [=document=]'s [=document|processed
manifest=] is not null, and [=document=]'s [=document|processed
manifest=]'s id is not
[=URL/equal=] with [=URL serializer/exclude fragment|exclude fragment true=] to |manifest|["id"],
return.
</li>
<li>[=Process the `scope` member=] passing |json|, |manifest|, and
|manifest URL|.
</li>
Expand Down Expand Up @@ -1421,7 +1429,57 @@ <h3 id="applying">
<h3>
Updating the manifest
</h3>
<aside class="issue" data-number="446"></aside>
<p>
As specified for [^link/rel/manifest^] link relation, the manifest
is fetched and processed on every page load. When the [=processing
a manifest=] is successful, user agents MAY apply updated manifest
to any current and future <a>application contexts</a> associated
with the application.
</p>
<p>
For the purpose of updating, the following member are
<dfn>security-sensitive members</dfn>, as they are presented during
installation and on launch surfaces:
</p>
<ol>
<li>[=manifest/short_name=],
</li>
<li>[=manifest/icons=]
</li>
<li>[=manifest/name=],
</li>
</ol>
<p data-cite="permissions">
User agents SHOULD NOT automatically apply changes to
[=security-sensitive members=] without [=express permission=] from
the user.
</p>
<p>
Instead, user agents SHOULD present changes to [=security-sensitive
members=] with appropriate management options, so the user can make
an informed decision about updating the web application.
</p>
<p>
The user agent MAY automatically apply the changes if the update
does not contain changes to [=security-sensitive members=].
</p>
<aside class="note" title=
"A user agent will not apply a partial update">
<p>
When the update contains changes both to [=security-sensitive
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@marcoscaceres I've added some context to the partial update note, let me know what you think.

members=] and other members. A user agent SHOULD not automatically
philloooo marked this conversation as resolved.
Show resolved Hide resolved
partially update. For example, the user agent could present
options to the user:
</p>
philloooo marked this conversation as resolved.
Show resolved Hide resolved
<ol>
<li>Accept the update
</li>
<li>Uninstall the web app, or
</li>
<li>Report the website as abusive/spam.
</li>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<li>Report the website as abusive/spam.
</li>
<li>Report the website as malicious.
</li>

</ol>
</aside>
</section>
</section>
</section>
Expand Down