On 02/06/2015 16:31, Frederik Braun wrote:
> On 02.06.2015 16:23, Julien Wajsberg wrote:
> …
>> Now for the callee this could be handled with a fetch event in a Service
>> Worker.
>>
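>> self.addEventListener('fetch', function(event) {
>>   // event.request.url is an absolute URL, so match on its path.
>>   const path = new URL(event.request.url).pathname;
>>   if (path.startsWith('/activity/pick')) {
>>     // Answer the activity request with the picked image.
>>     event.respondWith(
>>       ImagePicker.pickImage().then(blob => new Response(blob))
>>     );
>>   }
>>   // Any other request falls through to the default handling.
>> });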
>>
> This would require the Cross-Origin ServiceWorkers (already proposed in
> a previous thread), because normal SWs only interrupt stuff on the
> caller side. Right?
Yes, except the caller doesn't directly access the app's URL here; Gecko
does. So maybe we don't _really_ need Cross-Origin SW to work.
>
> I see a CSRF / confused deputy problem with this, where suddenly
> everything you want to serve becomes an Activity for someone else to
> inter-operate with.
>
> An explicit list of exposed functions sounds easier to work with. As
> soon as you start exposing "internal" functions, you'll have to maintain
> them forever or break other apps. That could turn out very bad.
This is the part I left out of my proposal, but it was still in my head.
I think we still have to make the exposed activities explicit in
manifest.webapp. For instance, the System still needs to present a list
of applications when several apps are available. And the target endpoints
need to be defined somewhere (unless there's a convention instead?).
So basically, instead of:
"activities": {
  "new": {
    "href": "/index.html#activity-new",
    "filters": {
      "type": "websms/sms",
      "number": {
        "pattern": "[\\w\\s+#*().-]{0,50}"
      }
    },
    "disposition": "inline",
    "returnValue": true
  },
  "share": {
    "href": "/index.html#activity-share",
    "filters": {
      "type": ["image/*", "audio/*", "video/*", "url", "text/vcard"],
      "number": {
        "max": 5
      }
    },
    "disposition": "inline",
    "returnValue": true
  }
}
we could have:
"activities": {
  "new": {
    "endpoint": "/activities/new",
    "method": "POST",
    "filters": {
      "headers": { "Content-Type": "websms/sms" },
      "parameters": {
        "number": {
          "pattern": "[\\w\\s+#*().-]{0,50}"
        }
      }
    },
    "disposition": "inline"
  },
  "share": {
    "endpoint": "/activities/share",
    "method": "POST",
    "filters": {
      "headers": {
        "Content-Type": ["image/*", "audio/*", "video/*", "url", "text/vcard"]
      },
      "parameters": {
        "number": {
          "max": 5
        }
      }
    },
    "disposition": "inline"
  }
}
I don't know if this makes sense?
--
Julien
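
Added example, not part of the original message and not Gecko code: a default-deny matcher for the manifest format proposed above, so that only declared endpoints are reachable as activities (the confused-deputy concern raised in the quoted reply). The names `matchActivity`, `typeMatches` and `paramMatches`, the request shape, and the filter semantics (declared parameters are required, "pattern" is a full-match regex, "max" a numeric upper bound) are assumptions.

```javascript
// Constructed manifest in the proposed format (hypothetical, taken from the thread).
const manifest = { activities: {
  new: { endpoint: '/activities/new', method: 'POST', filters: {
    headers: { 'Content-Type': 'websms/sms' },
    parameters: { number: { pattern: '[\\w\\s+#*().-]{0,50}' } } } },
  share: { endpoint: '/activities/share', method: 'POST', filters: {
    headers: { 'Content-Type': ['image/*', 'audio/*', 'video/*', 'url', 'text/vcard'] },
    parameters: { number: { max: 5 } } } }
} };

// 'image/*' matches any 'image/...' type; every other entry must match exactly.
function typeMatches(allowed, actual) {
  return [].concat(allowed).some(t =>
    t.endsWith('/*') ? actual.startsWith(t.slice(0, -1)) : t === actual);
}

// Assumed semantics: a declared parameter is required, "pattern" must match
// the whole value, "max" is a numeric upper bound.
function paramMatches(rule, value) {
  if (value === undefined) return false;
  if (rule.pattern !== undefined &&
      !new RegExp('^(?:' + rule.pattern + ')$').test(String(value))) return false;
  if (rule.max !== undefined && !(Number(value) <= rule.max)) return false;
  return true;
}

// Returns the name of the declared activity the request satisfies, or null.
// Anything not listed in the manifest is refused (default deny).
function matchActivity(manifest, req) {
  for (const [name, act] of Object.entries(manifest.activities)) {
    if (req.path !== act.endpoint || req.method !== act.method) continue;
    const headers = act.filters.headers || {};
    const params = act.filters.parameters || {};
    const headersOk = Object.keys(headers).every(h =>
      typeMatches(headers[h], req.headers[h] || ''));
    const paramsOk = Object.keys(params).every(p =>
      paramMatches(params[p], req.params[p]));
    if (headersOk && paramsOk) return name;
  }
  return null;
}
```
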