@jaffathecake I thought the https requirement had been relaxed.
@andrewsmatt @jaffathecake @tobie : AppCache doesn't have the same power to amplify ownership over huge swaths of URL space
-
-
@slightlylate Yes but if the security issue is that it's possible to hijack a domain then baddie only needs to hijack 1 URL eg. / or /login -
@andrewsmatt that's what the 24 hour max-age on the SW scripts is about. You have to both pwn the first party and do so persistently.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.