Confirmed users
716
edits
Apps/SecurityDetails: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 152: | Line 152: | ||
Just like with hosted apps, we want to make sure that a hosting website can't be tricked into hosting a app package. The risk is fairly low even if that could happen since even if the user got an app installed, as mentioned above, that app won't be same-origin with the website that the package came from. However to be safe we still apply the same security restrictions as for hosted apps. I.e. the package has to be served with a specific MIME type, or has to be same-origin with the page installing the package. | Just like with hosted apps, we want to make sure that a hosting website can't be tricked into hosting a app package. The risk is fairly low even if that could happen since even if the user got an app installed, as mentioned above, that app won't be same-origin with the website that the package came from. However to be safe we still apply the same security restrictions as for hosted apps. I.e. the package has to be served with a specific MIME type, or has to be same-origin with the page installing the package. | ||
More information about why we developed a packaged apps solution is available here: [[Apps/PackagingProposal]] | |||
== Privileged apps == | == Privileged apps == | ||
| Line 202: | Line 204: | ||
== Updates == | == Updates == | ||
A lot of the update model is still being defined. Requirements are being collected here at | A lot of the update model is still being defined. Requirements are being collected here at [[Gaia/System/Updates]] | ||
== permission manager == | == permission manager == | ||