Would the public-webapps list be better for discussing appcache feature requests?
This could be as simple as the presence of an 'applicationcaching_allowed' file at the top level. An https manifest update that wants to retrieve resources from another https origin would first have to fetch the 'allow' file and see an expected response, and if it doesn't see a good response, those xorigin entries would be skipped (matching today's behavior). The request... GET /applicationcaching_allowed Referer: <manifestUrl of the cache trying to include resources from this host> The expected response headers... HTTP/1.x 200 OK Content-Type: text/plain The expected response body... Allowed:* On Thu, Jan 13, 2011 at 3:08 PM, Michael Nordman <micha...@google.com> wrote: > > AppCache feature request: An https manifest should be able to list > resources from other https origins. > > I've got some app developers asking for this feature. Currently, it's > explicitly disallowed by the the spec for valid security reasons, but > there are also valid reasons to have this capability, like a webapp > that uses resources hosted on gstatic. > > Seems like a robots.txt like scheme where a site like gstatic can > declare that its "OK to appcache me from elsewhere" is needed. > > I've opened a chromium bug for this here... > http://code.google.com/p/chromium/issues/detail?id=69594
