Paul Kinlan

"Will have a look and get Author (Paul Lewis) to fix." - Paul Kinlan

"Everything needs a user gesture. You can do a redirect only on navigation if a user has clicked a link and navigated to your page or in response to a click on your site." - Paul Kinlan

"To note. Its the encouragement to sniff solvents I find bizarre." - Paul Kinlan

"Lol. Of course I believe in vaccines." - Paul Kinlan

"Kids collapse when sniffing marker pens. Much like sniffing glue." - Paul Kinlan

"Sorry, I am not clear what the problem is. On navigation you are still allowed to open fire the intent either via 302 redirect or a synthetic link click." - Paul Kinlan

"fallback url must be a url. I think this is fine because the theory is that you know the target content of the link anyway because in most cases the app would be trying to load it. You as a 3rd party site owner could just specify your own site in the link." - Paul Kinlan

"If you type that url it does not do what you say. That is what we have blocked and this is what my article is about. If you navigate to it from a link click it will be allowed to happen." - Paul Kinlan

"Fixed.." - Paul Kinlan

"Fixed." - Paul Kinlan

"https://jsbin.com/vivaqo/lates... has the fix, will update article." - Paul Kinlan

"https://jsbin.com/vivaqo/lates..." - Paul Kinlan

"Hmm interesting, this shouldn't happen. Any click that would fire the intent should not create a window, it should keep you on the previous page and open up the app. Not, all synthetic clicks should be blocked.... Do you have an example site that I can try this on? Also what version of the browser are you using?" - Paul Kinlan

"If you click on the 2nd one it should never take you to the store, but my web app..." - Paul Kinlan

"I raised this, team found it interest :) : https://code.google.com/p/chro..." - Paul Kinlan

"Because the intent in theory was to visit the page, not launch the app.... (kinda like this post). Right now there is no mechanism to instruct Chrome to load in "app mode"" - Paul Kinlan

"I ended up getting a quick document out https://paul.kinlan.me/deep-ap... - still working on the more official docs." - Paul Kinlan

"Hahaha, I am honestly trying to dive in to the frustrations that developers have so a lot of the time I ask questions and present our position to get more feedback :)" - Paul Kinlan

"Because it is not an "Install" yet..." - Paul Kinlan

"Just to note: at the start of this you said you don't want SSL as well. Does this still stand?" - Paul Kinlan

"I'll pass the feedback back, but we've made this decision because we think it is the safest thing to do for users. It will slow adoption of this in the wild, but that is ok." - Paul Kinlan

"I'm doing a quick post in lieu of official documentation being ready, and I'll investigate webviews." - Paul Kinlan

"Users can still add to home-screen and launch to make it look like an app, you just don't get the prompt. I believe SSL should be a mandatory requirement for this for a number of reasons that maybe I should clarify further in the document." - Paul Kinlan

"Interesting and I disagree. I should be clear, I am also talking about *all* Service Worker features, you get more access to more things (such as request interception) and you need to be sure that the SW has not been MITM'd. I am more than happy starting with these tougher restrictions in place, my absolute worst nightmare is that we start weak on this, every site gets the ability to throw up a banner and users hate it and we push the web back several years in not having parity with native experiences. User trust is our upmost goal with this, and requiring SSL and also SW (which can lead to offline, but also more likely push notifications) I believe is a good start. Can you tell me what would make you happy and also not be abused? (I think SSL is non-negotiable on this btw.)." - Paul Kinlan

"You can still use Add to Homescreen, you just won't get the banner." - Paul Kinlan

"I just wanted to clear up a few points raised in this article: "Apps that utilize deeplinks will not launch" - Yes they will, the intent: deep linking syntax still works. The intention has always been that if a user enters a URL in the browser address bar then the user should navigate to the web page that they typed and they should not be automatically directed away to the App. However, I believe has been a regression for a while that allowed developers to circumvent this by simulating a user gesture (a click on the "intent:" link). For this user journey it is fundamentally disruptive to the user and can lead to potentially unintended results. Note: If a user indicates via a gesture such as a click on a link, or iirc a navigation from a link click that subsequently 302's redirects or window.location redirects within 100 milliseconds of the gesture to an intent: URI then it should all still work. "Apps that have rich in-app webview content can no longer open Intent URLs" - See above,..." - Paul Kinlan

"Just to be clear Service Worker != Offline, it was pushed early as this but it is not it's sole role. We believe that SW is a good, strong, heuristic for the intention of providing app like functionality that users will want to install. It's also not a play to go SSL, it is to make sure that no one in the middle has tried to do something that could erode the users trust. I worry that a manifest could be injected into a site via MITM and linked to a resource that was not the developers intention and then added to the users home screen.... Say in the near future the manifest includes permissions, it becomes even more critical to be on https." - Paul Kinlan

"I'll share this feedback back with the team." - Paul Kinlan

"With respect, your arguments are not valid. It's fine though, you just wont be able to use this or newer features and I am happy for the users that it won't be offered on your site. With more and more advanced features we need to increase user trust and verifiability on the web, not decrease it. By not offering your site up on https there is no way to say that you are not being man-in-the-middle attacked and someone is injecting these advanced features in to your site." - Paul Kinlan

"I believe that's my face.... Thanks for pointing it out" - Paul Kinlan