Mozilla has determined that going forward web-exposed features are to be restricted to secure contexts, and that new features of Firefox must meet the under-development standard that requires all browser-to-server-and-back traffic to be encrypted.
The successful restriction of existing, as well as new features to secure contexts, according to Mozilla have become much more mature.
And all the building blocks are now in place to quicken the adoption of HTTPS and secure contexts, and follow through on our intent to deprecate non-secure HTTP.
So going forward, all Firefox new features that are web-exposed are to be restricted to secure contexts, such new feature can be anything from an extension of an existing IDL-defined object, CSS property, or even HTTP response header to emerging technology like WebVR.
What this means is that traffic must be encrypted to prevent "man-in-the-middle" attacks in which hackers siphon insecure browser-server traffic by getting between the connection.
Google has already gone full-speed in the push for all websites to implement HTTPS encryption, as the company rolled out new warnings to flag HTTP connections as insecure in its Chrome browser.
While Mozilla first announced its intentions to require HTTPS back in April 2015, perhaps the new timeline after which all new features will be available only to secure websites is its first item of business, with the version of the browser, Firefox 58 set to ship in January 23.
Mozilla has promised to provide developer tools to ease the transition to secure contexts and enable testing without an HTTPS server.
No comments