It seems that with Richard leaving Mozilla we dropped the ball on requiring HTTPS more often:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ At least I can't find any follow-up with an agreed upon date and we're still rather hit-or-miss when it comes to using [SecureContext] on new APIs. Let alone non-IDL-driven features. We have made some modest progress on the second action item however. David Baron has made some efforts to more require this to pass a W3C TAG review: https://github.com/w3ctag/design-principles/pull/75 But it would also be good if we could all communicate this on behalf of Mozilla without caveats. E.g., Chrome might ship worklets soon and being able to object to that happening (specification-wise) on insecure contexts on behalf of Mozilla would be good. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
