You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've been discussing changing the shape of install sources to support blocking specific origins. Below is a comparison of the current proposal against 3 new options.
Current proposal
Allow specific sources and block all others, or allow all. Does not permit denying only a subset of origins to install an app.
// 1. Allow all x-origin installs:"allow_all_install_sources": true,// 2. Block all x-origin installs:"allow_all_install_sources": false,// 3. Allow some x-origin installs:"install_sources": [{"origin": "appstore.com"},{"origin": "differentappstore.com"}],"allow_all_install_sources": false,
New Options
The following options enable all the following scenarios:
allow all x-origin installs for a web app
deny all x-origin installs for a web app
allow only a subset of origins to install an app
deny only a subset of origins to install an app
Option 1
Use a single install_sources array to capture both allowed and blocked install sources.
// 1. Allow all x-origin installs:"allow_all_install_sources": true,// 2. Block all x-origin installs:"allow_all_install_sources": false,// 3. Allow some x-origin installs with the "allow" action:"install_sources": [{"origin": "appstore.com","action": "allow"},{"origin": "differentappstore.com","action": "allow"}],"allow_all_install_sources": false,// 4. Block some x-origin installs with the "deny" action:"install_sources": [{"origin": "appstore.com","action": "deny"},{"origin": "differentappstore.com","action": "deny"}],"allow_all_install_sources": true
Option 2
Use separate allowed_install_sources and blocked_install_sources arrays:
// 1. Allow all x-origin installs:"allow_all_install_sources": true,// 2. Block all x-origin installs:"allow_all_install_sources": false,// 3. Allow some x-origin installs:"allowed_install_sources": ["appstore.com","differentappstore.com"],"allow_all_install_sources": false,// 4. Or block some x-origin installs:"blocked_install_sources": ["appstore.com","differentappstore.com"],"allow_all_install_sources": true
Option 3
Use a single install_sources member to capture all the web install related info:
// 1. Allow all x-origin installs:"install_sources": {"allow_all_sources": true,}// 2. Block all x-origin installs:"install_sources": {"allow_all_sources": false,}// 3. Allow some x-origin installs:"install_sources": {"action": "allow","sources": ["appstore.com","differentappstore.com"],"allow_all_sources": false}// 4. Or block some x-origin installs:"install_sources": {"action": "deny","sources": ["appstore.com","differentappstore.com"],"allow_all_sources": true}
We've been discussing changing the shape of install sources to support blocking specific origins. Below is a comparison of the current proposal against 3 new options.
Current proposal
Allow specific sources and block all others, or allow all. Does not permit denying only a subset of origins to install an app.
New Options
The following options enable all the following scenarios:
Option 1
Use a single
install_sources
array to capture both allowed and blocked install sources.Option 2
Use separate
allowed_install_sources
andblocked_install_sources
arrays:Option 3
Use a single
install_sources
member to capture all the web install related info:cc @diekus @HowardWolosky @Kbhlee2121
The text was updated successfully, but these errors were encountered: