Networking/Archive/Necko/Web packages: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "== Description == Web packages are a new packaging format for apps or web resources in general. The packaging format is based on the [http://www.w3.org/TR/web-packaging/ W3C s...")
 
(→‎Prefs: add two prefs developer-root and trusted-origin)
Line 15: Line 15:
   network.http.signed-packages.enabled
   network.http.signed-packages.enabled
     - Set this to true in order to enable signature verification
     - Set this to true in order to enable signature verification
  network.http.signed-packages.developer-root
    - (Testing only) Set this to the path of your own signing certificate in your device in order to use this certificate to verify packages not signed by the marketplace.
  network.http.signed-packages.trusted-origin
    - (Testing only) Set this to the origin you trust to bypass verification of packages from that origin.

Revision as of 02:04, 28 October 2015

Description

Web packages are a new packaging format for apps or web resources in general. The packaging format is based on the W3C spec with the exception that resources are uniquely identified by a URL composed of the package URL, the !// separator, followed by the path to the resource inside the package.

 Example: http://example.org/path/to/package.pak!//path/to/resource.html

Implementation

The bulk of the implementation is located in

 netwerk/protocol/http/PackagedAppService.cpp
 netwerk/protocol/http/PackagedAppVerifier.cpp
 netwerk/protocol/http/PackagedAppUtils.js

Prefs

 network.http.enable-packaged-apps
   - Set this to true in order to enable this feature
 network.http.signed-packages.enabled
   - Set this to true in order to enable signature verification
 network.http.signed-packages.developer-root
   - (Testing only) Set this to the path of your own signing certificate in your device in order to use this certificate to verify packages not signed by the marketplace.
 network.http.signed-packages.trusted-origin
   - (Testing only) Set this to the origin you trust to bypass verification of packages from that origin.