restrict manifest to https? #199
Labels
enhancement
question
security-tracker
Group bringing to attention of security, or tracked by the security Group but not needing response.
wontfix
If a captive portal or a malicious MITM can replace the content of the manifest, it can masquerade as a legit app icon (say, SMS or contacts) on the user's home screen.
Should the manifest be restricted to HTTPS contexts, just like service workers are?