Potentially trustworthy origins (#69)

ewilligers · web-flow · commit b3c4d76b39b0 · 2018-08-30T23:40:46.000+10:00
* Potentially trustworthy origins The manifest and action urls must be "potentially trustworthy" e.g. https or 127.0.0.1 We do not need to refer to "secure contexts" resolves #27
diff --git a/index.html b/index.html
@@ -285,12 +285,10 @@ <h3>
         </p>
         <p>
           A <dfn data-lt="web share targets">web share target</dfn> is a web
-          site in a <a data-cite="!SECURE-CONTEXTS#secure-context">secure
-          context</a> with a valid manifest containing a <a>share_target</a>
-          member. A web share target is a type of <a data-cite=
+          site with a valid manifest containing a <a>share_target</a> member. A
+          web share target is a type of <a data-cite=
           "!WebShare#dfn-share-target">share target</a>.
         </p>
-        <div class="issue" data-number="27"></div>
         <p>
           The steps for <dfn>post-processing the <code>share_target</code>
           member</dfn> is given by the following algorithm. The algorithm takes
@@ -341,6 +339,13 @@ <h3>
             "!appmanifest#dfn-navigation-scope">navigation scope</a> , and
             return <code>undefined</code>.
           </li>
+          <li>If the <a data-cite="!URL#concept-url-origin">origin</a> of <var>
+            action</var> is not <a data-cite=
+            "!SECURE-CONTEXTS/#is-origin-trustworthy">potentially
+            trustworthy</a>, <a data-cite=
+            "!appmanifest#dfn-issue-a-developer-warning">issue a developer
+            warning</a> and return <code>undefined</code>.
+          </li>
           <li>Set <var>share target</var>["<a data-link-for=
           "ShareTarget">action</a>"] to <var>action</var>.
           </li>
@@ -662,10 +667,11 @@ <h2>
         from an online index, rather than a set of targets that the end user
         has explicitly installed or registered.
         </li>
-        <li>The requirement that the web share target be a <a data-cite=
-        "SECURE-CONTEXTS#secure-context">secure context</a> is to prevent
-        private user data from being transmitted to a party that does not
-        control the origin in question, or in clear text over the network.
+        <li>The requirement that the web share target's origin be
+          <a data-cite="SECURE-CONTEXTS/#is-origin-trustworthy">potentially
+          trustworthy</a> is to prevent private user data from being
+          transmitted to a party that does not control the origin in question,
+          or in clear text over the network.
         </li>
       </ul>
     </section>
