ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a “secure context“).
“Effective immediately, all new features that are web-exposed are to be restricted to secure contexts,” said Anne van Kesteren, a Mozilla engineer and author of several open web standards.
This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox.
The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features “will be considered on a case-by-case basis,” and will slowly move to secure contexts (HTTPS) exclusively in the future.
Mozilla continues its push for HTTPS
The move comes after a continuous push from browser makers to force website owners and developers to adopt HTTPS as a default state for the Web.
Mozilla has been tremendously helpful in this manner via the Let’s Encrypt project, which it supported since the beginning.
Almost 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016, according to Let’s Encrypt numbers.
Google never announced a formal rule that all new standards/features must work via HTTPS, but its engineers have always implemented recent features to work in secure contexts only [source].
New developer tools coming to Firefox
In addition to enforcing an HTTPS-only rule for new standards/features, Mozilla understands it must change the mind and working habits of day-to-day web developers.
As such, Mozilla also plans to add developer tools to future Firefox releases to enable testing without an HTTPS server. This will help developers deploy HTTPS-friendly sites and apps even for older features (WebVR, Payment Request API, etc.) that have not been implemented in a strict HTTPS-only manner in Firefox.
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.