Mozilla Firefox to require HTTPS in order to use latest features


Mattias Geniar, January 16, 2018


This is a pretty bold move! All new JavaScript or CSS features are only going to be exposed on “Secure Contexts”, aka HTTPS sites.

If your site isn’t on HTTPS, you can’t use the latest features in Firefox.

It does raise good questions about development environments: I guess you’ll need to run HTTPS locally too?

*Update*: “secure context” refers to HTTPS, but “localhost” is also a secure context. So local dev environments shouldn’t be hindered by this.

Requiring secure contexts for all new features

Effective immediately, all new features that are web-exposed are to be restricted to secure contexts. Web-exposed means that the feature is observable from a web page or server, whether through JavaScript, CSS, HTTP, media formats, etc. A feature can be anything from an extension of an existing IDL-defined object, a new CSS property, a new HTTP response header, to bigger features such as WebVR. In contrast, a new CSS color keyword would likely not be restricted to secure contexts.

Source: Secure Contexts Everywhere | Mozilla Security Blog
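
The update above notes that localhost counts as a secure context alongside HTTPS. As an added example (not from the original post or from Mozilla), this JavaScript helper approximates the "potentially trustworthy origin" rules of the W3C Secure Contexts spec to flag development and staging URLs that would not get secure-context-only features. The function names and sample URLs are constructed for illustration.

```javascript
// Simplified approximation of the "potentially trustworthy origin" check
// from the W3C Secure Contexts spec. Inside a page, window.isSecureContext
// is the authoritative answer; this helper only classifies URLs offline.
// Out of scope here: file: URLs and the requirement that every ancestor
// frame is also a secure context.
function isPotentiallyTrustworthy(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return false; // unparsable input is never treated as secure
  }
  // TLS-protected schemes.
  if (url.protocol === 'https:' || url.protocol === 'wss:') return true;
  // The URL API keeps brackets around IPv6 literals; strip them.
  const host = url.hostname.replace(/^\[|\]$/g, '').toLowerCase();
  // Loopback names: "localhost" and any name under ".localhost".
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  // IPv4 loopback range 127.0.0.0/8 and IPv6 loopback ::1.
  if (/^127(\.\d{1,3}){3}$/.test(host) || host === '::1') return true;
  return false;
}

// Returns the URLs that would NOT be secure contexts.
function auditUrls(urls) {
  return urls.filter((u) => !isPotentiallyTrustworthy(u));
}

// Constructed sample: URLs a team might use for development and staging.
const SAMPLE_URLS = [
  'https://example.com/',
  'http://localhost:8080/',
  'http://app.localhost:3000/',
  'http://127.0.0.1:5000/',
  'http://[::1]:3000/',
  'http://192.168.1.10:8000/',  // LAN address: plain HTTP, not loopback
  'http://myapp.test/',         // custom dev hostname over plain HTTP
  'http://staging.example.com/',
];

for (const u of auditUrls(SAMPLE_URLS)) {
  console.log('not a secure context:', u);
}
```

Plain-HTTP dev setups reached via a LAN IP or a custom hostname are the ones that need a local TLS certificate; loopback addresses do not.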