From a987d3f95c43d02972784f47a1556e7b8d563bf5 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Thu, 24 Apr 2025 21:07:09 +1000 Subject: [PATCH 01/11] Clarify how manifest image resources are fetched --- index.html | 67 ++++++++++++------------------------------------------ 1 file changed, 14 insertions(+), 53 deletions(-) diff --git a/index.html b/index.html index 0269d70a..f63e460c 100644 --- a/index.html +++ b/index.html @@ -1963,24 +1963,32 @@

Manifest image resources

- Each manifest image resource is an [=image resource=] that - is conceptually part of a web application, suitable to use in various - contexts depending on the semantics of the member that is using the - object (e.g., an icon that is part of an application menu, etc.). + Each manifest image resource is an [=image resource=]. The + context in which an manifest image resource is presented is determnined + by the semantics of the associated manifest member (e.g., an + [=manifest/icons=] member is generally used to represent the + application icon).

A [=manifest image resource=] differs from a [=image resource=] in that it can have an additional [=manifest image resource/purpose=] member.

- User agents MAY modify the images associated with an [=manifest image - resource=] to better match the platform’s visual style before + User agents MAY modify the images associated with a [=manifest image + resource=] to better match the platform's visual style before displaying it to the user, for example by rounding the corners or painting it in a specific color. It is recommended that developers prepare their image resources for such scenarios to avoid losing important information through, e.g., change of color or clipped corners.

+

+ User agents MAY [=fetch=] an [=manifest image resource=] by running the + [=fetching an image resource=] algorithm. Alternatively, the user agent + MAY delegate [=fetch|fetching=] [=manifest image resources=] to the + underlying platform. How the underlying platform fetches a manifest + image resource is outside the scope of this specification. +

`purpose` member @@ -2086,53 +2094,6 @@

-
-

- Content security policy -

-

- The security policy that governs whether a user agent can - fetch an icon image is governed by the `img-src` directive [[CSP3]] - associated with the manifest's owner {{Document}}. -

- -

Icon masks and safe zone From 30a8bdb60689a126f609dd8674ee21da1f50d960 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Thu, 26 Jun 2025 20:13:17 +1000 Subject: [PATCH 02/11] Update index.html --- index.html | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index f63e460c..a4419138 100644 --- a/index.html +++ b/index.html @@ -1983,11 +1983,8 @@

corners.

- User agents MAY [=fetch=] an [=manifest image resource=] by running the - [=fetching an image resource=] algorithm. Alternatively, the user agent - MAY delegate [=fetch|fetching=] [=manifest image resources=] to the - underlying platform. How the underlying platform fetches a manifest - image resource is outside the scope of this specification. + User agents MUST [=fetch=] an [=manifest image resource=] by running the + [=fetching an image resource=] algorithm.

From 2ef288f70f12a9d41f356db4ef626daf0d4f0806 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Fri, 10 Apr 2026 09:04:23 +1000 Subject: [PATCH 03/11] Fix typos and restore CSP example in manifest image resources section --- index.html | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index a4419138..f3a84aa2 100644 --- a/index.html +++ b/index.html @@ -1964,7 +1964,7 @@

Each manifest image resource is an [=image resource=]. The - context in which an manifest image resource is presented is determnined + context in which a manifest image resource is presented is determined by the semantics of the associated manifest member (e.g., an [=manifest/icons=] member is generally used to represent the application icon). @@ -1983,7 +1983,7 @@

corners.

- User agents MUST [=fetch=] an [=manifest image resource=] by running the + User agents MUST [=fetch=] a [=manifest image resource=] by running the [=fetching an image resource=] algorithm.

@@ -2091,6 +2091,53 @@

+
+

+ Content security policy +

+

+ The security policy that governs whether a user agent can + fetch an icon image is governed by the `img-src` directive [[CSP3]] + associated with the manifest's owner {{Document}}. +

+ +

Icon masks and safe zone From a00c2fce389e7278ad3a3eb7b85dc27f3a8fd91a Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Fri, 10 Apr 2026 15:11:49 +1000 Subject: [PATCH 04/11] Add client parameter and fetch algorithm for manifest image resources - Add optional environment settings object parameter to "processing a manifest" so HTML can pass the document's relevant settings object. - Store the client on the processed manifest for later use. - Replace the bare MUST statement with a proper "fetch a manifest image resource" algorithm that creates a Request with client set, then delegates to "fetching an image resource" from image-resource. - When client is null (no document context), return early. Co-Authored-By: Claude Opus 4.6 --- index.html | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index f3a84aa2..57830883 100644 --- a/index.html +++ b/index.html @@ -1611,7 +1611,8 @@

The steps for processing a manifest are given by the following algorithm. The algorithm takes a [=URL=] |document URL:URL|, a - [=URL=] |manifest URL:URL|, and a [=byte sequence=] |bodyBytes|. + [=URL=] |manifest URL:URL|, a [=byte sequence=] |bodyBytes|, and an + optional [=environment settings object=] |client|.

  1. Let |json| be the result of [=parse JSON bytes to an Infra @@ -1681,6 +1682,9 @@

    any proprietary and/or other supported members at this point in the algorithm.

    2. +
  2. Set |manifest|'s client to |client|. +
  3. Let [=document=]'s processed manifest be |manifest|.
    4. @@ -1983,9 +1987,25 @@

    corners.

    - User agents MUST [=fetch=] a [=manifest image resource=] by running the - [=fetching an image resource=] algorithm. + To fetch a manifest image resource given a [=manifest image + resource=] |image| and an [=application manifest=] |manifest|:

    +
      +
    1. If |manifest|'s [=application manifest/client=] is null, return. +
      2. +
    2. Let |request| be a new [=Request=]. +
      3. +
    3. Set |request|'s [=request/URL=] to |image|'s {{ImageResource/src}}. +
      4. +
    4. Set |request|'s [=request/Destination=] to "`image`". +
      5. +
    5. Set |request|'s [=request/Client=] to |manifest|'s [=application + manifest/client=]. +
      6. +
    6. Return the result of [=fetching an image resource=] with |image| + and |request|. +
      7. +

    `purpose` member From d73ab826fa8eb9600e1f9bded0e610b80f477f74 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Fri, 10 Apr 2026 15:26:50 +1000 Subject: [PATCH 05/11] Clarify client parameter in HTML invocation context When HTML invokes "processing a manifest" via the link element, client is the document's relevant settings object. When invoked without a document (e.g., sync install), client is null. Co-Authored-By: Claude Opus 4.6 --- index.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 57830883..8ea02666 100644 --- a/index.html +++ b/index.html @@ -1755,9 +1755,11 @@

    The [=processing a manifest=] steps are invoked by [[HTML]]'s - processing steps for the [^link^] element, but MAY also be invoked - by the user agent to process a manifest without an associated - [=document=]. + processing steps for the [^link^] element, in which case + |client| is the [=document=]'s [=relevant settings object=]. + The steps MAY also be invoked by the user agent to process a + manifest without an associated [=document=], in which case + |client| is null.

    In this case, to match the guarantees made by the corresponding From f2767e897d8e7a633776f90759cee67547e7c4d4 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 13 Apr 2026 15:06:57 +1000 Subject: [PATCH 06/11] Fix ReSpec markup in fetch algorithm - Use "or null" instead of "optional" for client parameter type - Remove data-export from client dfn (no external consumers) - Lowercase Fetch internal slot names: destination, client - Use [=request=] (internal concept) not [=Request=] (ambiguous) --- index.html | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/index.html b/index.html index 8ea02666..bdd4fe91 100644 --- a/index.html +++ b/index.html @@ -1611,8 +1611,8 @@

    The steps for processing a manifest are given by the following algorithm. The algorithm takes a [=URL=] |document URL:URL|, a - [=URL=] |manifest URL:URL|, a [=byte sequence=] |bodyBytes|, and an - optional [=environment settings object=] |client|. + [=URL=] |manifest URL:URL|, a [=byte sequence=] |bodyBytes|, and + |client| (an [=environment settings object=] or null).

    1. Let |json| be the result of [=parse JSON bytes to an Infra @@ -1682,8 +1682,7 @@

      any proprietary and/or other supported members at this point in the algorithm.

      2. -
    2. Set |manifest|'s client to |client|. +
    3. Set |manifest|'s client to |client|.
    4. Let [=document=]'s processed manifest be |manifest|. @@ -1995,13 +1994,13 @@

      1. If |manifest|'s [=application manifest/client=] is null, return.
        2. -
      2. Let |request| be a new [=Request=]. +
      3. Let |request| be a new [=request=].
      4. Set |request|'s [=request/URL=] to |image|'s {{ImageResource/src}}.
        5. -
      5. Set |request|'s [=request/Destination=] to "`image`". +
      6. Set |request|'s [=request/destination=] to "`image`".
        7. -
      7. Set |request|'s [=request/Client=] to |manifest|'s [=application +
      8. Set |request|'s [=request/client=] to |manifest|'s [=application manifest/client=].
      9. Return the result of [=fetching an image resource=] with |image| From a1a3f2d919621504ec623fa17ae7be66f21cb1d7 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 13 Apr 2026 15:30:12 +1000 Subject: [PATCH 07/11] Add note explaining why image fetch is skipped when client is null --- index.html | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/index.html b/index.html index bdd4fe91..fcde3f78 100644 --- a/index.html +++ b/index.html @@ -1993,6 +1993,13 @@

        1. If |manifest|'s [=application manifest/client=] is null, return. +
        2. Let |request| be a new [=request=].
          3. From 6ec4eb69f353ed507a192c905db2d160027209cc Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Mon, 13 Apr 2026 16:29:06 +1000 Subject: [PATCH 08/11] Add note on when to call fetch a manifest image resource; fix |client| var scope - Add informative note after the algorithm explaining it is called during install UI prep or application context creation, not on every page load; references issue #1216 for the normative call site work - Fix step 1 note: |client| is not in scope; replace with |manifest|'s [=application manifest/client=] --- index.html | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index fcde3f78..4ee159fc 100644 --- a/index.html +++ b/index.html @@ -1993,9 +1993,9 @@

          1. If |manifest|'s [=application manifest/client=] is null, return. -
          +

          `purpose` member From 43baafdc42a30bd8f1d1a39d28bfe9603e7aae8f Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Tue, 14 Apr 2026 18:39:27 +1000 Subject: [PATCH 09/11] Return null explicitly when client is null --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 4ee159fc..d06db968 100644 --- a/index.html +++ b/index.html @@ -1992,7 +1992,7 @@

          resource=] |image| and an [=application manifest=] |manifest|:

            -
          1. If |manifest|'s [=application manifest/client=] is null, return. +
          2. If |manifest|'s [=application manifest/client=] is null, return null.