Updates definition of install_sources
#778
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
First review of the install API
Co-authored-by: Amanda Baker <amandaabaker21@gmail.com>
Co-authored-by: Amanda Baker <amandaabaker21@gmail.com>
Co-authored-by: Amanda Baker <amandaabaker21@gmail.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
updates first examples
Co-authored-by: Amanda Baker <amandaabaker21@gmail.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
-separates same and cross domain scenarios -removes canInstall method -adds optional gating for cross-domain as security measure -broadens the privacy spectrum where the inquire field is rendered useless -adds question of letting the UA handle the install/open UI -sets installability criteria to be defined by the UA -removes the mode parameter
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
* makes install_sources's default behaviour up to the implementor
diekus
added
the
Web Install API
Co-authored-by: Howard Wolosky <HowardWolosky@users.noreply.github.com>
amandabaker
reviewed
Apr 10, 2024
There was a problem hiding this comment.
If the behavior varies so widely, how will a store be able to know whether it can install an app on the current browser, especially with the movement to freeze the UA string? E.g. Edge/Chrome allow by default, but Brave or DuckDuckGo (being privacy oriented) block by default.
Since we return Success/Failure but not different flavors of failure cases (e.g. the difference between the user cancelling installation vs the user not being able to install the app due to their default install settings) then I could see users getting very confused when the store doesn't indicate to the user why installation repeatedly fails
WebInstall/explainer_cross_domain.md
Outdated
| A new web-manifest boolean key `allow_all_install_sources` signals that the application can be installed from any source. If set to `true`, the `install_sources` list is ignored (if included). If set to `false` or absent, it defers to the origins listed in `install_sources`. | ||
| The default behaviour of the cross-origin Web Install API can be to allow installations from any origin or from no origin. *This default is defined by the implementer*. The `install_sources` field in the manifest file specifies detailed origin installation permission allowing finer control by the web app on which origin(s) can install it. | ||
|
|
||
| * **Cross-origin installations ON by default**: If the default behaviour is that an origin can be installed from any origin, then any origin can install an app from a different origin. In the presence of an `installed_sources` field, then the default is inverted and only the subset of origins specified in its value can install the app. |
There was a problem hiding this comment.
Suggested change
| * **Cross-origin installations ON by default**: If the default behaviour is that an origin can be installed from any origin, then any origin can install an app from a different origin. In the presence of an `installed_sources` field, then the default is inverted and only the subset of origins specified in its value can install the app. | |
| * **Cross-origin installations ON by default**: If the default behaviour is that an origin can be installed from any origin, then any origin can install an app from a different origin. In the presence of an `install_sources` field, then the default is inverted and only the subset of origins specified in its value can install the app. |
WebInstall/explainer_cross_domain.md
Outdated
|
|
||
| * **Cross-origin installations OFF by default**: If the implementer decides to make the default behaviour of cross-origin installations OFF by default, then no third party origin can install the web application. This is the most restrictive case, and the web app conforms to its usual behaviour of only being able to be installed from its same origin. If there is an `install_sources` field present in the manifest file, then only the specific set of origins specified in that value can install the app. | ||
|
|
||
| In both cases, the `install_sources` field overrides the default behaviour adopted by the UA and allows only the specified origins to installed the application. |
There was a problem hiding this comment.
Suggested change
| In both cases, the `install_sources` field overrides the default behaviour adopted by the UA and allows only the specified origins to installed the application. | |
| In both cases, the `install_sources` field overrides the default behaviour adopted by the UA and allows only the specified origins to install the application. |
WebInstall/explainer_cross_domain.md
Outdated
| To ensure that the developer can have control of where their app can be installed from independent of the implementors default behaviour, a new web-manifest boolean key `allow_all_install_sources` can tell the UA that the application can be installed from any or no other origin. | ||
|
|
||
| * if set to `true`, the `install_sources` list is ignored (if included) and the app can be installed from any origin. | ||
| * if set to `false`, the `install_sources` list is ignored (if included) and the app can be installed only from the same-origin it is hosted. |
There was a problem hiding this comment.
What about the case where the browser allows install by default, but the developer only wants to allow a few vetted stores to install? This would block that scenario.
What about:
Suggested change
| * if set to `false`, the `install_sources` list is ignored (if included) and the app can be installed only from the same-origin it is hosted. | |
| * if set to `false`, the `install_sources` list is respected (if included) and the app can be installed only from the origins listed in `install_sources` or the same-origin it is hosted. |
There was a problem hiding this comment.
Chatted offline. Diego's suggestion was to change this to discuss the order of precedence:
install_sources(if provided the UA assumes the dev wants to block by default)allow_all_install_sources- UA default behavior of allow or block by default.
|
Chatted offline. WRT my comment around browsers behaving differently, Diego pointed out that devs will already need to handle error cases, so for the scenario described above, the store can decide that, after a certain number of failed installations, it should prompt the user to navigate to the site and try to install it themself. Plus, if most browsers decide to allow by default, then this is a non-issue |
amandabaker
approved these changes
Apr 19, 2024
amandabaker
requested changes
Apr 19, 2024
|
Abandoning in favor of #793 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the definition of the
install_sources's behaviour to be up to the implementor of the API, and details mechanisms that developers have to tailor the app's distribution to their needs.