Secure context requirement?

I know that the intention is to require a secure context for using the
Web Cryptography API, and browsers currently do that, but is that
written into the spec? I couldn't find it (but maybe I was looking for
the wrong wording).

I'm writing tests for key generation, and right now I'm just checking
for a secure context and skipping all the tests if I'm not in one. But
perhaps I should explicitly check that the API won't run in such a
context. If so, is there a rule for what kind of exception should be
thrown by the browser?

Charlie

Received on Friday, 22 April 2016 18:39:53 UTC