Summary: Encrypted Media Extensions on insecure contexts (i.e. web sites served over non-HTTPS) is deprecated and will soon stop working in Firefox.
Sites wanting to use EME should switch to HTTPS if they have not already. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1322517 Link to standard: https://www.w3.org/TR/encrypted-media/#privacy-secureorigin The EME spec requires that EME only be usable from a secure context, e.g., on origins served over HTTPS, and not those served over HTTP. EME is a powerful feature which makes use of sandboxed closed source CDMs which send messages (relayed via the JavaScript video player) to third party servers, and the risks are greater if the transport is not encrypted. Chrome has already removed support for EME on insecure origins in M58: https://www.chromestatus.com/feature/5724389932793856 Firefox is already logging a deprecation warning to the WebConsole when EME is used on an insecure origin (bug 1361000), and we have telemetry to track whether EME requests are made in a secure or insecure context: https://mzl.la/2hsC7Dq Timeframe: I am hoping we can remove EME on insecure origins in Q4 2017 or Q1 2018. Our telemetry shows about 8% of sites using EME are still in insecure contexts, and I'd prefer to see that number lower before we disable EME in insecure contexts. Given that Chrome have already removed their support for EME in insecure contexts, I expect this telemetry to show improvement quickly. _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
