[whatwg] AppCache feature request: An https manifest should be able to list resources from other https origins.

Michael Nordman michaeln at google.com
Wed Jan 26 12:28:20 PST 2011

I was alluding to a simple robots.txt like solution with the static
'allow' file, but it seems like CORS could work too, it is more
burdensome to setup due to the additional HTTP headers.

GET /some-resource
Origin: https://acme.com

HTTP/1.x 200 OK
Access-Control-Allow-Origin: * | https://acme.com

Unless the the origin is allowed, the resource will not be added to
the cache and the update will fail.

On Wed, Jan 26, 2011 at 12:50 AM, Anne van Kesteren <annevk at opera.com> wrote:
> On Tue, 25 Jan 2011 23:37:55 +0100, Michael Nordman <michaeln at google.com>
> wrote:
>> Would the public-webapps list be better for discussing appcache
>> feature requests?
> It's not a feature drafted in any of the WebApps WG specifications. If you
> want to discuss at the W3C the appropriate place would be the HTML WG.
> Also,
> http://wiki.whatwg.org/wiki/FAQ#Is_there_a_process_for_adding_new_features_to_a_specification.3F
> might be interesting. (Though you are probably aware of it.)
>> This could be as simple as the presence of an
>> 'applicationcaching_allowed' file at the top level. An https manifest
>> update that wants to retrieve resources from another https origin
>> would first have to fetch the 'allow' file and see an expected
>> response, and if it doesn't see a good response, those xorigin entries
>> would be skipped (matching today's behavior).
>> The request...
>> GET /applicationcaching_allowed
>> Referer: <manifestUrl of the cache trying  to include resources from this
>> host>
>> The expected response headers...
>> HTTP/1.x 200 OK
>> Content-Type: text/plain
>> The expected response body...
>> Allowed:*
> So far we have avoided this type of design as it is rather brittle. Maybe
> CORS can be used?
> --
> Anne van Kesteren
> http://annevankesteren.nl/

More information about the whatwg mailing list