Hi Webapps,
Per your request for wide review, I've done a brief review of the Manifest for
web application draft with an eye to privacy issues. The comments below are
informed by discussions with the Privacy Interest Group and based on Mike
West's privacy/security questionnaire [0] and my
On Mon, Feb 23, 2015 at 12:42 PM, Jonas Sicking jo...@sicking.cc wrote:
Do we have any data on how common it is for people to use CORS with
credentials? My impression is that it's far less common than CORS
without credentials.
If that's the case then I think we'd get most of the
Hi,
We support that this version of the specification is moved to Candidate status
but we have a few comments/questions:
In this version 1 we miss:
* A permissions field
* A content security policy field. This is only included as a way to state
allowed origins from which the manifest file
