In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context").
"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," said Anne van Kesteren, a Mozilla engineer and author of several open web standards.
This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox.
The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features "will be considered on a case-by-case basis," and will slowly move to secure contexts (HTTPS) exclusively in the future.
Mozilla continues its push for HTTPS
The move comes after a continuous push from browser makers to force website owners and developers to adopt HTTPS as a default state for the Web.
Mozilla has been tremendously helpful in this manner via the Let's Encrypt project, which it supported since the beginning.
Almost 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016, according to Let's Encrypt numbers.
Google never announced a formal rule that all new standards/features must work via HTTPS, but its engineers have always implemented recent features to work in secure contexts only [source].
New developer tools coming to Firefox
In addition to enforcing an HTTPS-only rule for new standards/features, Mozilla understands it must change the mind and working habits of day-to-day web developers.
As such, Mozilla also plans to add developer tools to future Firefox releases to enable testing without an HTTPS server. This will help developers deploy HTTPS-friendly sites and apps even for older features (WebVR, Payment Request API, etc.) that have not been implemented in a strict HTTPS-only manner in Firefox.
Comments
jack_alexander2 - 6 years ago
Guess that is an effort to put EFF out of business. How about Mozilla reverse the mistakes they've made in recent versions beginning with Firefox 57. Long live Basilisk and Waterfox!
jordi_ponttrencat - 6 years ago
After using FF for many years, its now dead for me. No more appearance as I like (AddOns). Problems with some Sites etc. Sorry, I changed to Palemoon which will hopefully stay what I like!
RobertoKdev - 6 years ago
They have definitely departed what from made it differentiated. Chrome has them on Speed. Chromium is available for those who don't love Google. The HTTPS everywhere makes it extremely difficult to monitor and secure a home network (Children's network access). They have changed from their mission of putting the users in charge. EFF's recommendation for supporting Firefox was based on open-web and avoiding the EME, but Firefox implemented the EME, the same as Chrome. Other than Vivaldi or Chromium, there aren't a lot of good options for usage that do not involve tracking of everything. Google Chrome does it with the Browser Controls, and Microsoft can do it through the operating system networking stack, even if the browser itself isn't made for it. There aren't really any options for privacy other than Mozilla or derivatives of Chromium.