In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "
secure context").
"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts,"
said Anne van Kesteren, a Mozilla engineer and author of several open web standards.
This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox.
The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features "will be considered on a case-by-case basis," and will slowly move to secure contexts (HTTPS) exclusively in the future.
Mozilla continues its push for HTTPS
The move comes after a continuous push from browser makers to force website owners and developers to adopt HTTPS as a default state for the Web.
Mozilla has been tremendously helpful in this manner via the Let's Encrypt project, which it supported since the beginning.
Almost 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016,
according to Let's Encrypt numbers.
Google never announced a formal rule that all new standards/features must work via HTTPS, but its engineers have always implemented recent features to work in secure contexts only [
source].
