Re: [MIX] Require HTTPS scripts to be able to anything HTTP scripts can do.

On Mon, Jan 5, 2015 at 3:25 PM, Brad Hill <hillbrad@gmail.com> wrote:
>
> The only thing I can think of is that we are starting to make "Powerful
> Features" of the Web Platform only available to secure applications.   And
> this is a deliberate choice to encourage HTTPS adoption.  We do not want to
> break legacy applications, but we want to set the expectation that if you
> are doing maintenance on your application to add support for new platform
> features, the first feature you need to add is a secure transport.
>

A nit: The restriction of "Powerful Features" to HTTPS isn't primarily to
encourage HTTPS adoption: it's because these features are potentially
dangerous, and we want users to grant that dangerous capability to a
particular name (the origin), not that name *and* their ISP *and* the rest
of the network their packets traverse. There's a secondary benefit that it
encourages HTTPS adoption, but that's not the reason that's been convincing
people it's the right thing to do.

Otherwise, thanks for the clarification of the space.

Jeffrey

Received on Monday, 5 January 2015 23:36:10 UTC