Summary: 
WebVR on insecure contexts (i.e. web sites served over non-HTTPS) is deprecated 
and will soon stop working in Firefox. 

Sites wanting to use WebVR should switch to HTTPS if they have not already. 

Bug: 
https://bugzilla.mozilla.org/show_bug.cgi?id=1381645

Link to standard: 
https://w3c.github.io/webvr/spec/1.1/

WebVR is a powerful feature that exposes sensor inputs that can capture 
biometric data (ie. distance of eyes to ground when user is standing).  
Immersive WebVR sites must be inherently trusted with this information.  The 
risks are greater if the transport is not encrypted.

Timeframe: 
We will immediately remove WebVR on insecure origins in FF59’s Nightly.  This 
should give developers some time to test their sites in Nightly until it rides 
the trains to FF59 in release.  WebVR is enabled by default in release FF57 and 
can be used to access insecure sites until they are updated.


_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to