The app manifest provides key information about an app such as its name, author, and required permissions in a JSON file. It must be named manifest.webapp and located in the root directory of the app. The manifest identifies the app as an Open Web App rather than a website. It allows users to understand an app's requirements before installing. The manifest also supports localization and includes a content security policy for security. Privileged and certified apps have access to additional permissions defined in the manifest.
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
App Manifest
1.
2.
3. • The app manifest provides information about an app (such as
name, author, icon, and description) in a simple document
usable by both users and app stores. Most importantly, it
contains a list of Web APIs that your app needs. This allows
users to make informed decisions about apps before installing
them. It is one of the key things that distinguishes an Open
Web App from a website.
4. • Name: manifest.webapp (you must use the .webapp
extension)
• Location: your app's root directory
• Format: JSON (must be valid JSON)
5. For Packaged and Hosted app
• Path must be served from the same origin as the app.
Packaged App
/myapp/index.html
/myapp/manifest.webapp
Hosted app
http://www.mysite.com/myapp/index.html
http://www.mysite.com/myapp/manifest.webapp
6. name
description
launch_path (for Packaged Apps)
icons (1 icon of 128×128 required, 1 icon of 512×512 recommended)
developer
default_locale (if locales is defined)
Locales (For localization)
type (for privileged and internal (certified) apps)
If you want to publish your app to the Firefox Marketplace, your app manifest must contain the following fields:
12. • Content Security Policy (CSP) is an added layer of
security that helps to detect and mitigate certain types of
attacks, including Cross Site Scripting (XSS) and data
injection attacks. These attacks are used for everything
from data theft to site defacement or distribution of
malware.
• If a CSP is specified in the App Manifest, the specified CSP
and the default CSP for the app's type will be merged. A
specified CSP may not loosen restrictions of the default
CSP. The Firefox Marketplace Validator detects violations
of the CSP during the app submission process. This can be
used to help find problems early in development.
14. • You cannot include scripts inline in your HTML.
• <script></script>
• onclick="" or onload="“
• <a href="javascript:alert('foo')">
• <link rel="stylesheet" href=“http://....">
15.
16. The permissions field in the app manifest controls the app's access to various
sensitive APIs (Web APIs) on the devices.
The three levels of permission, in brief, are:
Web apps: These only have a basic level of permissions, and don't have
access to privileged or internal APIs.
Privileged apps: These have all the permissions of web apps plus more.
Hosted apps can't be privileged.
Internal (certified) apps: These have all the permissions of privileged and web
apps plus more.
17. Add this in the manifest file
"permissions": {
"alarms": {
"description": "Required to schedule notifications"
}
}