
Ya, that was my understanding too.



Ya, although I'm not sure you'd want to put an onboarding token all the time for Safari... Just initially when the user is logged in but not already in PWA mode. Seems like generating new/spewing out unnecessary tokens whenever the manifest is requested from the PWA (like to check for an update) could be a potential security risk/attack vector. At that point maybe it's better to just do the same handoff mechanism (if token exists, ignore cookies and use single-use token), and then the manifest falls back to not having a token when requested by an existing PWA instance. The bonus of that would be that it would still work on Android or other platforms if they ever take a more sandboxed approach to PWA (I could see that happening someday with all the privacy changes happening in the world).
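A sketch of the handoff described in the post above, added here as an example and not part of the original post or of any project's code. The function names, the `onboard` query parameter, the five-minute lifetime, the in-memory store and the `inPwa` flag (how the server recognises an existing PWA instance is not covered in the thread) are all assumptions.

```javascript
const crypto = require('node:crypto');

// Hypothetical in-memory store: sha256(token) -> { userId, expiresAt }.
// Only the digest is kept, so a dump of the store yields no usable tokens.
const pending = new Map();
const TOKEN_TTL_MS = 5 * 60 * 1000; // assumed lifetime

const digest = (t) => crypto.createHash('sha256').update(String(t)).digest('hex');

function issueOnboardingToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url');
  pending.set(digest(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Single use: the entry is deleted on the first lookup, even if it has expired.
function redeemOnboardingToken(token, now = Date.now()) {
  const key = digest(token);
  const entry = pending.get(key);
  if (!entry) return null;
  pending.delete(key);
  return entry.expiresAt > now ? entry.userId : null;
}

// Manifest carries a token only for a logged-in browser session that is not
// already running as the installed PWA; otherwise it falls back to a plain URL,
// so update checks from the PWA never mint new tokens.
function buildManifest({ userId, inPwa }) {
  const manifest = { name: 'Example App', display: 'standalone', start_url: '/' };
  if (userId && !inPwa) {
    manifest.start_url = '/?onboard=' + issueOnboardingToken(userId);
  }
  return manifest;
}

// "If token exists, ignore cookies and use single-use token": a bad or replayed
// token yields no session instead of silently falling back to the cookie.
function resolveUser({ onboardToken, cookieUserId }, now) {
  if (onboardToken !== undefined) return redeemOnboardingToken(onboardToken, now);
  return cookieUserId ?? null;
}
```
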

