Titles, subtitles, and spoofing mitigations.

[dmurph]

In Chromium, for security reasons we forcibly prepend "<web app name> - " to the title of the page for display in the window's titlebar IFF the page title doesn't already have the title as a prefix. This reduces the ability for web apps to spoof.

To be compatible with this, a site can either prefix their app name always, or use media queries to detect if they are in non-browser display mode to change their title dynamically.

@diekus authored a nice explainer here to help developers lean into this feature, avoiding complicated display media queries (that would have to store the old title value somewhere in local storage, etc) by formalizing a subtitle meta tag. Then, sites that might be installed can specify a this attribute, and always be compatible with title bar rendering for non-browser display modes.

I'm interested what others think - I'm generally supportive of this declarative solution.