Yesterday Mozilla announced Firefox will be restricting new features to secure contexts (i.e., HTTPS):
https://blog.mozilla.org/security/2018/01/15/secure-contexts-everywhere/ I'm glad to report that thus far this has been very well received. I'm posting this here per suggestion from Ben Kelly and because: * Not all module owners and peers might have seen the blog post and this might impact them if their module currently, or in the future, exposes features to web content. * Modules might want to look into ways of enforcing this programmatically, to ease ongoing maintenance and guide everyone to do the right thing without having to ask/review/etc. E.g., https://bugzilla.mozilla.org/show_bug.cgi?id=1429014 has some ideas for enforcement around our bindings. * Mozillians might have questions not addressed in the post and this seems like a good place to centralize those and address them. Insofar as documenting this policy elsewhere goes I've updated https://wiki.mozilla.org/WebAPI/WebIDL_Review_Checklist and I'll update https://wiki.mozilla.org/WebAPI/ExposureGuidelines too in some manner. (The latter will probably also need to be generalized as currently it suggests it's for APIs only.) Hope that helps, -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
