Not open for further replies.


Level 36
In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context").

"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," said Anne van Kesteren, a Mozilla engineer and author of several open web standards.

This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox.

The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features "will be considered on a case-by-case basis," and will slowly move to secure contexts (HTTPS) exclusively in the future.

Mozilla continues its push for HTTPS
The move comes after a continuous push from browser makers to force website owners and developers to adopt HTTPS as a default state for the Web.

Mozilla has been tremendously helpful in this manner via the Let's Encrypt project, which it supported since the beginning.

Almost 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016, according to Let's Encrypt numbers.

Google never announced a formal rule that all new standards/features must work via HTTPS, but its engineers have always implemented recent features to work in secure contexts only [source].
Not open for further replies.