From 95340396bd9a7067298b126f24770155cd73ae81 Mon Sep 17 00:00:00 2001 From: Phillis Tang Date: Wed, 29 Sep 2021 13:38:53 -0700 Subject: [PATCH 01/11] Describe manifest update behavior with app identity --- index.html | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/index.html b/index.html index bd461530e..446855a24 100644 --- a/index.html +++ b/index.html @@ -1209,6 +1209,29 @@

Updating the manifest

+

+ The manifest is fetched and processed on every page load. When the + processing is successful, user agents MAY apply updated manifest to + any current and future application contexts + associated with the application. +

+

+ When the user agent fetches a manifest as part of an update check, + it MUST [=url/equal|compare=] the fetched processed manifest's + [=manifest/identity=] with the identity of the app being updated. If + it is not equal, the user agent MUST NOT update the installed + application's manifest. +

+
+

+ Privacy and security consideration +

+

+ User agents SHOULD be careful about performing update to manifest + fields like app name and icons. Users should be fully aware if + such fields are to be be updated to avoid web applications being + installed and silently changed to appear as a different one. +

From 1473290cbe4f86a1744a4ff8aafbe1441dd8b640 Mon Sep 17 00:00:00 2001 From: Phillis Tang Date: Thu, 30 Sep 2021 14:40:16 -0700 Subject: [PATCH 02/11] fix missing section --- index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/index.html b/index.html index 446855a24..6e892b885 100644 --- a/index.html +++ b/index.html @@ -1232,6 +1232,7 @@

such fields are to be be updated to avoid web applications being installed and silently changed to appear as a different one.

+ From 482259b1a87eceb7852fc0bb67f955c1b8660735 Mon Sep 17 00:00:00 2001 From: Phillis Tang Date: Thu, 30 Sep 2021 14:43:44 -0700 Subject: [PATCH 03/11] Move privacy recommendations to second paragraph as recommended in previous pr --- index.html | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/index.html b/index.html index 6e892b885..fc570b74c 100644 --- a/index.html +++ b/index.html @@ -1215,6 +1215,12 @@

any current and future application contexts associated with the application.

+

+ User agents SHOULD be careful about performing update to manifest + fields like app name and icons. Users should be fully aware if + such fields are to be be updated to avoid web applications being + installed and silently changed to appear as a different one. +

When the user agent fetches a manifest as part of an update check, it MUST [=url/equal|compare=] the fetched processed manifest's @@ -1222,17 +1228,6 @@

it is not equal, the user agent MUST NOT update the installed application's manifest.

-
-

- Privacy and security consideration -

-

- User agents SHOULD be careful about performing update to manifest - fields like app name and icons. Users should be fully aware if - such fields are to be be updated to avoid web applications being - installed and silently changed to appear as a different one. -

-
From 2b326720a2ec8f310b3b43af1f5008c051ff6f44 Mon Sep 17 00:00:00 2001 From: Yajing Tang Date: Mon, 11 Oct 2021 13:31:17 -0700 Subject: [PATCH 04/11] Update index.html MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marcos Cáceres --- index.html | 1 - 1 file changed, 1 deletion(-) diff --git a/index.html b/index.html index ea949ff1a..3fcf9c4ec 100644 --- a/index.html +++ b/index.html @@ -1221,7 +1221,6 @@

Updating the manifest

-

The manifest is fetched and processed on every page load. When the processing is successful, user agents MAY apply updated manifest to From ff204a058eb38c10818c630f571ddab5aae0b917 Mon Sep 17 00:00:00 2001 From: Phillis Tang Date: Tue, 2 Nov 2021 14:40:35 -0700 Subject: [PATCH 05/11] address comments --- index.html | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/index.html b/index.html index 0daf65974..1b8ae132e 100644 --- a/index.html +++ b/index.html @@ -831,11 +831,12 @@

application, it SHOULD treat that manifest as a description of a distinct application, even if it is served from the same URL as that of another application. When the user agent sees a manifest where - |manifest|["id"] [=url/equal|equals=] the [=identity=] of an - already-installed application, it SHOULD be used as a signal that - this manifest is a replacement for the already-installed - application's manifest, and not a distinct application, even if it is - served from a different URL than the one seen previously. + |manifest|["id"] is [=url/equal=] with [=URL serializer/exclude + fragment|exclude fragment true=] to the [=identity=] of an + already-installed application, it SHOULD be used as a signal that this + manifest is a replacement for the already-installed application's + manifest, and not a distinct application, even if it is served from a + different URL than the one seen previously.

The [=identity=] can be used by a service that collects lists of web @@ -1282,6 +1283,13 @@

  • [=Process the `id` member=] passing |json|, |manifest| and |document URL|.
    • +
  • + If the [=document=]'s [=document|processed + manifest=] is not null, and [=document=]'s [=document|processed + manifest=]'s id is not + [=URL/equal=] with [=URL serializer/exclude fragment|exclude fragment true=] to |manifest|["id"], + return. +
  • [=Process the `scope` member=] passing |json|, |manifest|, and |manifest URL|.
    • @@ -1411,9 +1419,10 @@

    Updating the manifest

    - The manifest is fetched and processed on every page load. When the - processing is successful, user agents MAY apply updated manifest to - any current and future application contexts + For installed web application, the manifest is fetched and processed + on every page load. When the processing is successful, user agents + MAY apply updated manifest to any current and future application + contexts associated with the application.

    @@ -1422,13 +1431,6 @@

    such fields are to be be updated to avoid web applications being installed and silently changed to appear as a different one.

    -

    - When the user agent fetches a manifest as part of an update check, - it MUST [=url/equal|compare=] the fetched processed manifest's - [=manifest/identity=] with the identity of the app being updated. If - it is not equal, the user agent MUST NOT update the installed - application's manifest. -

    From 4e64aa428e7e563a69f1a983d90f10cd03701de1 Mon Sep 17 00:00:00 2001 From: Yajing Tang Date: Wed, 16 Feb 2022 16:17:40 -0800 Subject: [PATCH 06/11] Update index.html MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marcos Cáceres --- index.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 954ab7bb8..031796c94 100644 --- a/index.html +++ b/index.html @@ -1430,11 +1430,11 @@

    Updating the manifest

    - For installed web application, the manifest is fetched and processed - on every page load. When the processing is successful, user agents - MAY apply updated manifest to any current and future application - contexts - associated with the application. + As specified for [^link/rel/manifest^] link relation, the manifest + is fetched and processed on every page load. When the [=processing + a manifest=] is successful, user agents MAY apply updated manifest + to any current and future application contexts associated + with the application.

    User agents SHOULD be careful about performing update to manifest From 4669fbf6e7f0e79398700cd5e3d0af7c1e076411 Mon Sep 17 00:00:00 2001 From: Yajing Tang Date: Wed, 16 Feb 2022 16:18:27 -0800 Subject: [PATCH 07/11] Update index.html MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marcos Cáceres --- index.html | 43 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index 031796c94..dfd224dc5 100644 --- a/index.html +++ b/index.html @@ -1437,11 +1437,46 @@

    with the application.

    - User agents SHOULD be careful about performing update to manifest - fields like app name and icons. Users should be fully aware if - such fields are to be be updated to avoid web applications being - installed and silently changed to appear as a different one. + For the purpose of updating, the following member are + security-sensitive members, as they are presented during + installation and on launch surfaces:

    +
      +
    1. [=manifest/short_name=], +
      2. +
    2. [=manifest/icons=] +
      3. +
    3. [=manifest/name=], +
      4. +
    +

    + User agents SHOULD NOT automatically apply changes to + [=security-sensitive members=] without [=express permission=] from + the user. +

    +

    + Instead, user agents SHOULD present changes to [=security-sensitive + members=] with appropriate management options, so the user can make + an informed decision about updating the web application. +

    +

    + The user agent MAY automatically apply the changes if the update + does not contain changes to [=security-sensitive members=]. +

    + From c67e4565994c1219d02b462ab5fa26aacd1662a5 Mon Sep 17 00:00:00 2001 From: Phillis Tang Date: Wed, 16 Feb 2022 16:21:34 -0800 Subject: [PATCH 08/11] fix syntax --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index dfd224dc5..cc985144f 100644 --- a/index.html +++ b/index.html @@ -1464,7 +1464,7 @@

    does not contain changes to [=security-sensitive members=].