Web packages are a new packaging format for apps or web resources in general. The packaging format is based on the W3C spec with the exception that resources are uniquely identified by a URL composed of the package URL, the !// separator, followed by the path to the resource inside the package.
The bulk of the implementation is located in
netwerk/protocol/http/PackagedAppService.cpp netwerk/protocol/http/PackagedAppVerifier.cpp netwerk/protocol/http/PackagedAppUtils.js
network.http.enable-packaged-apps - Set this to true in order to enable this feature network.http.signed-packages.enabled - Set this to true in order to enable signature verification network.http.signed-packages.developer-root (for testing only, not set by default) - Set this to the path of your own signing certificate in your device in order to use this certificate to verify packages not signed by the marketplace. network.http.signed-packages.trusted-origin (for testing only, not set by default) - Set this to the origin you trust to bypass verification of packages from that origin.