On Wed, Jan 17, 2018 at 12:02 AM, Martin Thomson wrote:
> Either of these criteria are sufficient, right? However, I expect
> that we'll want to hold the line in some cases where other browsers
> ship anyway. How do we plan to resolve that? One potential
> resolution to that sort of problem is
> One potential resolution to that sort of problem is to ship in secure
contexts anyway and ask other browsers to do the same.
It would be really great from a HTTPS adoption standpoint if we can hold
back as many features from being shipped to insecure contexts.
Perhaps Firefox could ship new fea
Great news. Thanks to all those involved for getting to this point.
Anne, your posting suggests an exception is likely if:
* other browsers already ship the feature insecurely
* it can be demonstrated that requiring secure contexts results in
undue implementation complexity.
Either of these cri
On Tue, Jan 16, 2018 at 1:11 PM, Anne van Kesteren wrote:
> * Modules might want to look into ways of enforcing this
> programmatically, to ease ongoing maintenance and guide everyone to do
> the right thing without having to ask/review/etc. E.g.,
> https://bugzilla.mozilla.org/show_bug.cgi?id=14
Yesterday Mozilla announced Firefox will be restricting new features
to secure contexts (i.e., HTTPS):
https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/
I'm glad to report that thus far this has been very well received.
I'm posting this here per suggestion from Ben Kelly
5 matches
Mail list logo
