This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
This enables putting the manifest files on a CDN.
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Rejected Change Description: no spec change Rationale: It would also enable a hostile open wifi access point to permanently hijack facebook.com to point to evil.example.net, which seems, to put it mildly, problematic.
Reopening in the hopes of gathering more input about why the SOP for this is a problem and what might be done to resolve it.
Reassigning to michaeln as per comment 2. If you gather actionable input, please don't hesitate to reassign this to me so I can study it further.
This was an attempt at solving use-case #2 here: http://www.w3.org/community/fixing-appcache/2012/01/18/appcache_use_cases/#use_case_2 Allow an application hosted on a cluster of servers to be easily updated An application is hosted on a cluster of servers behind a non-sticky load balancer. It is updated daily. Even though all servers are not updated instantly and two versions of the application co-exist for a while, it is possible to update the application without risking to have an out-of sync version of the application (e.g. manifest file and assets of the latest version combined with a Master Entry of the previous version) or to need to invalidate the cache to avoid such issues. Probably would have been more useful to provide the use case upfront rather that potential solutions.
This bug was cloned to create bug 17802 as part of operation convergence.
Mass move to "HTML WG"
Ian, why could a wireless not do that anyway over HTTP without TLS? And if there is TLS, there is no problem to begin with. You still need CORS because of the update events (I think). You also need a new crossorigin attribute on <html> to control the details.
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the Editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the Tracker Issue; or you may create a Tracker Issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Rejected Change Description: none Rationale: Supporters of this use case no longer seem to believe it important.