Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Web Install] Options for declaring install_sources #785

Open
amandabaker opened this issue Apr 17, 2024 · 0 comments
Open

[Web Install] Options for declaring install_sources #785

amandabaker opened this issue Apr 17, 2024 · 0 comments
Assignees
Labels
Web Install API Declarative install for web apps from a web app.

Comments

@amandabaker
Copy link
Member

We've been discussing changing the shape of install sources to support blocking specific origins. Below is a comparison of the current proposal against 3 new options.

Current proposal

Allow specific sources and block all others, or allow all. Does not permit denying only a subset of origins to install an app.

// 1. Allow all x-origin installs:
"allow_all_install_sources": true,


// 2. Block all x-origin installs:
"allow_all_install_sources": false,


// 3. Allow some x-origin installs:
"install_sources": [ 
  {"origin": "appstore.com"},
  {"origin": "differentappstore.com"}
],
"allow_all_install_sources": false,

New Options

The following options enable all the following scenarios:

  1. allow all x-origin installs for a web app
  2. deny all x-origin installs for a web app
  3. allow only a subset of origins to install an app
  4. deny only a subset of origins to install an app

Option 1

Use a single install_sources array to capture both allowed and blocked install sources.

// 1. Allow all x-origin installs:
"allow_all_install_sources": true,


// 2. Block all x-origin installs:
"allow_all_install_sources": false,


// 3. Allow some x-origin installs with the "allow" action:
"install_sources": [ 
  { "origin": "appstore.com", "action": "allow" },
  { "origin": "differentappstore.com", "action": "allow" }
],
"allow_all_install_sources": false,


// 4. Block some x-origin installs with the "deny" action:
"install_sources": [ 
  { "origin": "appstore.com", "action": "deny" },
  { "origin": "differentappstore.com", "action": "deny" }
],
"allow_all_install_sources": true

Option 2

Use separate allowed_install_sources and blocked_install_sources arrays:

// 1. Allow all x-origin installs:
"allow_all_install_sources": true,


// 2. Block all x-origin installs:
"allow_all_install_sources": false,


// 3. Allow some x-origin installs:
"allowed_install_sources": [
  "appstore.com",
  "differentappstore.com"
],
"allow_all_install_sources": false,


// 4. Or block some x-origin installs:
"blocked_install_sources": [
  "appstore.com",
  "differentappstore.com"
],
"allow_all_install_sources": true

Option 3

Use a single install_sources member to capture all the web install related info:

// 1. Allow all x-origin installs:
"install_sources": {
  "allow_all_sources": true,
}


// 2. Block all x-origin installs:
"install_sources": {
  "allow_all_sources": false,
}


// 3. Allow some x-origin installs:
"install_sources": {
  "action": "allow",
  "sources": [
    "appstore.com",
    "differentappstore.com"
  ],
  "allow_all_sources": false
}


// 4. Or block some x-origin installs:
"install_sources": {
  "action": "deny",
  "sources": [
    "appstore.com",
    "differentappstore.com"
  ],
  "allow_all_sources": true
}

cc @diekus @HowardWolosky @Kbhlee2121

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Web Install API Declarative install for web apps from a web app.
Projects
None yet
Development

No branches or pull requests

2 participants