[whatwg] AppCache feature request: An https manifest should be able to list resources from other https origins.
michaeln at google.com
Tue Jan 25 14:37:55 PST 2011
Would the public-webapps list be better for discussing appcache
This could be as simple as the presence of an
'applicationcaching_allowed' file at the top level. An https manifest
update that wants to retrieve resources from another https origin
would first have to fetch the 'allow' file and see an expected
response, and if it doesn't see a good response, those xorigin entries
would be skipped (matching today's behavior).
Referer: <manifestUrl of the cache trying to include resources from this host>
The expected response headers...
HTTP/1.x 200 OK
The expected response body...
On Thu, Jan 13, 2011 at 3:08 PM, Michael Nordman <michaeln at google.com> wrote:
> AppCache feature request: An https manifest should be able to list
> resources from other https origins.
> I've got some app developers asking for this feature. Currently, it's
> explicitly disallowed by the the spec for valid security reasons, but
> there are also valid reasons to have this capability, like a webapp
> that uses resources hosted on gstatic.
> Seems like a robots.txt like scheme where a site like gstatic can
> declare that its "OK to appcache me from elsewhere" is needed.
> I've opened a chromium bug for this here...
More information about the whatwg