App Development: Tips and Considerations
Apps should always be hosted under their own domain or subdomain, as opposed to hosting several apps in subdirectory URLs of a common domain. This is due to the Web's per-origin security model, where things like Web storage, permissions, etc. are scoped by origin, i.e. by "domain/host:port".
Apps should always be available via HTTPS. HTTP should redirect to the same URI on HTTPS.