LoadSites is a WebView-based browser for iOS and Android that renders standard HTML, CSS, and JavaScript web content. With explicit user approval, loaded web content can request access to platform features like the camera, haptics, and notifications through a permission-gated JavaScript bridge.
Open standard · WebView rendering · User-approved permissions · iOS + Android
{
"loadsites_version": "1.0",
"app_author": "Acme Corp",
"license_key": "",
"app_name": "Acme App",
"app_description": "Our flagship product",
"app_version": "2.1.0",
"app_icon": "icon-512.png",
"app_zip": "app.zip",
"app_entry": "index.html",
"permissions": [
"haptics", "camera",
"biometrics", "storage"
]
}
CWA apps are standard HTML/CSS/JS web content packaged as ZIP bundles and described by a JSON manifest on your domain. LoadSites renders them in the platform's built-in WebView and manages installation, updates, and the permission-gated bridge.
Create a loadsites.app.manifest JSON file on your domain. Declare your app name, icon, ZIP location, and required permissions.
Bundle your production HTML, CSS, and JavaScript into a ZIP file (max 50 MB). No native code — only standard web assets.
→Users enter your domain in LoadSites. They see the full list of requested permissions, explicitly approve them, and the web content is downloaded to their device.
→Your web content renders in the platform's WebView (WKWebView / Android WebView). The permission-gated bridge (window.LoadSites) is available only for user-approved capabilities.
All CWA content is standard HTML, CSS, and JavaScript — rendered by the platform's built-in WebView component (WKWebView/WebKit on iOS, Android WebView on Android). The bridge API is permission-gated: no capability is accessible without the user's explicit prior approval. No native code is downloaded or executed.
Your Domain User's Device
┌──────────────────────┐ ┌──────────────────────────────┐
│ │ manifest │ LoadSites Container │
│ loadsites.app. │ ─────────────► │ │
│ manifest (JSON) │ │ WKWebView / Android WebView │
│ │ │ ┌──────────────────────┐ │
│ app.zip │ download │ │ Your HTML / CSS / JS │ │
│ (HTML/CSS/JS) │ ─────────────► │ │ │ │
│ │ │ │ window.LoadSites │ │
│ │ │ │ (Bridge API) │ │
│ │ │ └──────────────────────┘ │
└──────────────────────┘ └──────────────────────────────┘
Permission-gated · Sandboxed · Isolated
All APIs are accessed through window.LoadSites. Each must be declared in the
manifest, explicitly approved by the user at install time, and enforced at runtime.
Undeclared permissions are rejected. No API is accessible without user consent.
With user approval, capture photos or pick from the gallery. Returns base64 data URIs.
await LoadSites.camera.takePhoto();
camera
With user approval, prompt for Face ID, Touch ID, or fingerprint authentication.
await LoadSites.biometrics
.authenticate('Confirm identity');
biometrics
With user and OS-level permission, deliver notifications via standard APNS / FCM channels.
const key = await LoadSites
.notifications.getDeviceKey();
license required
With user approval, trigger vibration, impact, and notification-style haptic feedback.
await LoadSites.haptics.vibrate(200);
await LoadSites.haptics.impact('medium');
haptics
With user and OS-level permission, access GPS position or watch for location changes.
const pos = await LoadSites
.geolocation.getCurrentPosition();
geolocation
With user approval, read and write persistent key-value data, scoped per domain + appId. Isolated between apps.
await LoadSites.storage.set('key', val);
const r = await LoadSites.storage.get('key');
storage
With user approval, open the system share sheet with custom text, title, and URL.
await LoadSites.share.share({
title: 'Check this out',
url: 'https://example.com'
});
share
With user approval, read and write the system clipboard.
await LoadSites.clipboard.write('Hello');
const c = await LoadSites.clipboard.read();
clipboard
With user approval, detect connectivity changes and current connection type.
const s = await LoadSites
.network.getStatus();
network
With user approval, access read-only device information: platform, model, OS version.
const info = await LoadSites
.device.getInfo();
device
Close, go home, switch apps, or show the exit menu.
LoadSites.navigation.close();
LoadSites.navigation.showMenu();
no permission needed
The bridge is embedded inline before your scripts run. All async methods return Promises. Every call is checked against the user's approved permissions — undeclared capabilities are rejected. Works with any framework or vanilla JS.
// Detect the CWA bridge at runtime if (window.LoadSites) { console.log('CWA v' + LoadSites.version); // Use native camera const photo = await LoadSites.camera.takePhoto(); img.src = photo.dataUrl; } else { // Fallback to Web APIs (PWA mode) navigator.mediaDevices.getUserMedia({ video: true }); }
// Haptic feedback on button tap await LoadSites.haptics.impact('medium'); // Biometric authentication const auth = await LoadSites.biometrics .authenticate('Confirm identity'); if (auth.verified) { // Save to scoped persistent storage await LoadSites.storage.set( 'session', JSON.stringify({ ts: Date.now() }) ); }
The same web content can work as both a PWA and a CWA simultaneously. Detect
window.LoadSites at runtime and progressively enhance with
user-approved platform features.
| Capability | PWA | CWA (LoadSites) |
|---|---|---|
| Camera | MediaDevices (limited) | Camera + gallery (user-approved) |
| Biometrics | WebAuthn (limited) | Face ID / Touch ID (user-approved) |
| Haptics | Vibration API (basic) | Impact, notification (user-approved) |
| Offline | Service Worker cache | Entire app pre-downloaded as ZIP |
| Multi-app per domain | One per scope | Multiple via manifest apps[] |
| Storage isolation | Same-origin policy | Domain + appId scoped |
| Push notifications | Web Push (free) | Cloud relay (license required) |
| Desktop support | All browsers | Mobile only (iOS + Android) |
| SEO | Indexable by search engines | Requires separate web presence |
All permission-gated bridge APIs are free except push notifications, which require a license because they rely on the LoadSites Cloud relay infrastructure (APNS / FCM).
All permission-gated bridge APIs except notifications. No license key required.
Everything in Free, plus push notifications via the LoadSites Cloud relay.
Higher volume notifications, priority support, and dedicated infrastructure.
LoadSites renders all web content using the platform's built-in WebView component (WKWebView/WebKit on iOS, Android WebView on Android). CWA bundles contain only standard web assets — HTML, CSS, JavaScript, images, and fonts. No native executable code, bytecode, or binaries are downloaded or executed.
ZIP bundles contain only static web assets. No DEX, dylib, .so, or executable files. All JavaScript runs in the WebView's built-in JS engine.
Every permission is declared in the manifest, shown to the user before installation, and explicitly accepted. Undeclared permissions are rejected at runtime.
Each app runs in the WebView sandbox. Storage is scoped per domain + appId. Apps cannot access each other's data. The bridge does not expose raw platform APIs.
Read the spec, package your web content, and deliver it to users through a secure, permission-gated WebView experience.