On Mar 16, 2012, at 12:29 PM, Gervase Markham wrote:

> On 16/03/12 04:27, Lucas Adamski wrote:
>> Gaia app: consists of a1, b1, c1. A typical local app, with a static
>> codebase that is installed once, authenticated by a code signature
>> and prohibited from dynamically loading additional code.
>
> So no remote request for JS? No eval and friends? Do we use CSP or similar to
> enforce that?

Yup, CSP. See https://bugzilla.mozilla.org/show_bug.cgi?id=768029

>> Granted significant privileges in return. Origin of these apps is probably
>> restricted to a small set of app stores as defined by OS configuration.
>
> An extensible set, presumably?

Yes. Exact mechanism TBD, but letting the user decide that is very much the goal.

>> Explicit update process.
>
> Maybe this is a side question, but: would there be an "allow this app to
> auto-update", like on Android, or at least CyanogenMod?
>
> Certainly, app updates are a pain on Android - it nags me if I ignore them,
> and if I accept them, it nags me about different ones tomorrow.
>
> I'd love a "Yeah, whatever" setting which did auto-updates for all apps which
> don't request new permissions.

The exact update process is still being fleshed out, but I personally would like us to follow silent updates for apps except in cases where the app is requesting additional privileges (and maybe even then, given privacy-sensitive ones are requested at runtime anyway). This is a highly subjective question though, so allowing a high degree of user control is probably the right balance.

>> B2G app: a2, b2, c2. Remotely hosted but locally cached, identified by
>> a manifest. Appears to the user as a local app. Codebase restricted to
>> a single origin, requires HSTS for authentication. All code (JS,
>> HTML, CSS) must be loaded from this origin.
>
> Is the chosen origin defined in the manifest?
> How do we validate origins? The Public Suffix List?

There has been some substantial discussion since that email; for trusted apps we are looking at a packaged format (and potentially marketplace-hosted apps as an interim step). Either way, apps should be homed in their origin (i.e. regardless of the delivery mechanism, the app will think its origin is myapp.mystuff.com). This means we can separate the delivery mechanism from the app's runtime context, which provides for a lot of flexibility (i.e. the developer could host their app on their own server, and/or on an app store, without having to modify the app).

> If my app comes from foo.bar.com, is the origin automatically foo.bar.com, or
> can the app request that the origin be bar.com?

It shouldn't be able to set an arbitrary origin but would be mapped to its "home" origin (even if the content is technically hosted on an app store). Note that this is really just true for trusted and certified apps. Web-installed (aka untrusted) apps behave like normal web sites insofar as they are loaded directly from their home server.

Lucas.

> Gerv
> _______________________________________________
> dev-webapps mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-webapps
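The property Lucas says CSP enforces on packaged Gaia apps (no script fetched from another origin, no eval and friends, nothing outside the signed package) can be checked mechanically against a policy string. The following is an added example written for this page; it is not code from the thread, from Gaia, or from bug 768029. The sample policies are constructed for illustration, and the "packaged app" policy is an assumed shape, not the policy that bug landed. The check reads the effective script sources (script-src, falling back to default-src) and flags anything that would let code arrive at runtime other than from the app's own origin.

```javascript
// Added example, not from the thread or from Gaia: does a CSP string forbid
// dynamic code loading the way a signed, static package needs it to?

// Parse "directive src src; directive ..." into Map(directive -> [sources]).
// CSP honours only the first occurrence of a directive, so later
// duplicates are ignored here too.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Script loads are governed by script-src if present, else default-src.
// Returns null when neither is set, i.e. no restriction at all.
function effectiveScriptSources(directives) {
  if (directives.has("script-src")) return directives.get("script-src");
  if (directives.has("default-src")) return directives.get("default-src");
  return null;
}

// Reasons the policy fails to prohibit dynamically loaded code.
// An empty list means the policy passes.
function dynamicCodeViolations(policy) {
  const sources = effectiveScriptSources(parseCsp(policy));
  if (sources === null) {
    return ["no script-src or default-src: any origin and eval() are allowed"];
  }
  const problems = [];
  for (const src of sources) {
    const s = src.toLowerCase();
    if (s === "'self'" || s === "'none'") continue;
    // Hash sources pin specific script content, which for a signed package
    // is still static code, so they are accepted.
    if (/^'sha(256|384|512)-/.test(s)) continue;
    if (s === "'unsafe-eval'") {
      problems.push("'unsafe-eval' permits eval() / new Function()");
    } else if (s === "'unsafe-inline'") {
      problems.push("'unsafe-inline' permits inline <script> and javascript: URLs");
    } else if (s === "'strict-dynamic'" || s.startsWith("'nonce-")) {
      problems.push(`${src} lets script be admitted at runtime rather than by the package`);
    } else {
      // Anything else is a host or scheme source: a place script may be fetched from.
      problems.push(`${src} allows script to be fetched from a remote origin`);
    }
  }
  return problems;
}

function forbidsDynamicCode(policy) {
  return dynamicCodeViolations(policy).length === 0;
}

// Constructed sample policies (assumed shapes, not the real Gaia policy).
// default-src * still passes because script-src overrides it for script.
const PACKAGED_APP_POLICY =
  "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'";
const LOOSE_POLICY = "default-src 'self' https://cdn.example.net 'unsafe-eval'";

console.log(dynamicCodeViolations(PACKAGED_APP_POLICY));
console.log(dynamicCodeViolations(LOOSE_POLICY));
```

The point of separating `effectiveScriptSources` is the fallback rule: a permissive `default-src *` is fine for images and fonts as long as an explicit `script-src 'self'` is present, but the same `default-src *` with no `script-src` line would silently allow script from anywhere.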
