[whatwg] AppCache feature request: An https manifest should be able to list resources from other https origins.

Michael Nordman michaeln at google.com
Tue Jan 25 14:37:55 PST 2011


Would the public-webapps list be better for discussing appcache
feature requests?

This could be as simple as the presence of an
'applicationcaching_allowed' file at the top level. An https manifest
update that wants to retrieve resources from another https origin
would first have to fetch the 'allow' file and see an expected
response, and if it doesn't see a good response, those xorigin entries
would be skipped (matching today's behavior).

The request...

GET /applicationcaching_allowed
Referer: <manifestUrl of the cache trying  to include resources from this host>

The expected response headers...

HTTP/1.x 200 OK
Content-Type: text/plain

The expected response body...

Allowed:*


On Thu, Jan 13, 2011 at 3:08 PM, Michael Nordman <michaeln at google.com> wrote:
>
> AppCache feature request: An https manifest should be able to list
> resources from other https origins.
>
> I've got some app developers asking for this feature. Currently, it's
> explicitly disallowed by the the spec for valid security reasons, but
> there are also valid reasons to have this capability, like a webapp
> that uses resources hosted on gstatic.
>
> Seems like a robots.txt like scheme where a site like gstatic can
> declare that its "OK to appcache me from elsewhere" is needed.
>
> I've opened a chromium bug for this here...
> http://code.google.com/p/chromium/issues/detail?id=69594


More information about the whatwg mailing list