Please note, this is a STATIC archive of website developer.mozilla.org from 03 Nov 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.

Questões Freqüêntes do Manifesto do Aplicativo

Esta tradução está incompleta. Ajude atraduzir este artigo.

Perguntas freqüêntes sobre arquivos de manifesto dos aplicativos da web aberta.

Por que meu aplicativo precisa de um manifesto?

The app manifest provides useful information about an app (such as name, author, icon, and description) in a simple document usable by both users and app stores. Most importantly, it will contain a list of Web APIs (such as geolocation) that your App needs. This allows users to make informed decisions about apps before installing them.

O manifesto de Aplicativos da Web Aberta é a mesma coisa que o manifesto usado pelas extensões do Google Chrome e aplicativos web instaláveis? Ou o manifesto do Widget do W3C? Ou o manifesto de cache do HTML5?

No to all of these. The Open Web App manifest is probably most similar to the Google manifest, but they are not identical. It is intended that the Open Web App manifest will become a standard.

Firefox OS pode ser instalado em outras plataformas?

Yes. They can be installed on Firefox for Android and Firefox Desktop 29+. For details of how, read these:

O que é um 'origin' ?

The origin of an app is the protocol, domain, and port of the URL together. Each of the following URLs is a different origin:

  • https://example.com
  • https://example.com:8080 (different port)
  • https://example.com (different protocol)
  • https://www.example.com
  • https://myapp.example.com (subdomain)

The following URLs are the same origin:

  • https://Example.com:80
  • https://example.com

The following URLs are the same origin:

  • https://example.com/drawingApp
  • https://example.com/notesApp

See Same-origin policy for more information.

Por que tenho um manifesto de aplicativo 'host' igual a 'origin' como meu aplicativo?

We assume that only you can host an app manifest at the same origin as your app. This means your users can install your app with confidence, knowing that the installation is based on your app manifest and not someone else's. Users should have this confidence whether they're installing your app from Firefox Marketplace, from some other app store, or from your own website if you are self-publishing your app.

If the app manifest were not hosted at the same origin as the app itself, there would be nothing to prevent third parties from making apps directly out of content hosted at your origin. Even worse, third parties could create an app manifest using your branding that would trick users into installing an app that was a facade for stealing passwords or other improper behavior.

O que significa eu não poder inserir imagens ou javascript de outras fontes ?

No. The origin restriction is on content (HTML pages) only. Images and other embedded resources can be located elsewhere (for example, on a content delivery network), except for the app's icon, which must be served from the app's origin.

Posso ter mais de um aplicativo em uma origem?

It used to be the case that you could not host more than one app at the same origin (Apps.install would fail with a MULTIPLE_APPS_PER_ORIGIN_FORBIDDEN error). However, the single-app-per-origin restriction has been lifted (see bug 778277) — this change was landed in Gecko 34, meaning that Firefox OS 2.1+, Firefox Desktop 34+ and Firefox for Android 34+ are able to install multiple apps from the same origin.

Note that allowing multiple apps at the same origin doesn't affect our permission model. Say we have three apps at example.com: A, B and C. All three apps have different permissions. If the user installs apps A and B, pages inside app A's context will have A's permissions, pages inside app B's context will have B's permissions, and no pages will have C's permissions.

However, there are some subtle security implications to consider. Any page uploaded to example.com might get navigated to by App A, App B, or App C. That means that such a page *might* potentially run with A's, B's, or C's permissions. So for example there is a chance that the user will install App A, and that App A might navigate to an uploaded page outside the app, in which case the page would run with As permissions, which might not be what the developer of App A expected.

So hosting an app with lots of permissions on the same server as other content that you don't expect to have the same level of permissions is a bad idea, especially if we are talking about apps that deal with sensitive data (e.g. credit card information, customer records.) This could lead to an exploitable vulnerability. You should follow the same security best practices as you would with regular web content — e.g. you would put a sensitive web app on its own domain anyway.

Note: If you need to support old versions of Firefox OS/Desktop/Android, we recommend that you use a separate sub-domain for each of your apps. For example, spreadsheet.mycoolapps.com for one app and texteditor.mycoolapps.com for another. For more information, see Adding a subdomain for an app.

Por que justamente não carrego um manifesto de aplicativo diretamente da loja do Firefox?

There are several benefits to hosting the manifest at your domain and providing the app manifest URL to the Marketplace:

  • We intend that the Marketplace (and other app stores) will periodically revisit all the app manifests at the provided URLs and check them for updates. This avoids the need for you to re-upload your app manifest for each update.
  • The Marketplace will pass both the original app manifest contents as well as its URL to the user's device. This allows the device to check for unexpected changes in the app manifest that might indicate tampering. This will be especially important for apps that use Web APIs (for geolocation for example).

Por que meu servidor web tem que usar a propriedade de cabeçalho HTTP 'Content-Type' quando servir meu manifesto de aplicativo?

This restriction prevents users of a website that allows user-generated content (for example, a pastebin site) from inadvertently or inappropriately claiming that entire website as their app.

Devo usar HTTPS para servir meu manifesto de aplicativo?

Yes, it is a good idea. We anticipate that the Firefox Marketplace will require any app using Web APIs (such as Geolocation) to serve its app manifest over HTTPS as an additional defense against man-in-the-middle attacks. If you use HTTPS for your manifest, you must also use it for all the pages on your site.

E se alguém enviar meu aplicativo para Loja do Firefox?

In the unfortunate event that someone guesses the URL to your app manifest and submits it to the Firefox Marketplace before you do, please file a complaint with the Marketplace support team.

Veja também

App manifest

Etiquetas do documento e colaboradores

 Colaboradores desta página: fabianosantos.net
 Última atualização por: fabianosantos.net,