registerProtocolHandler() gives a webpage a mechanism to register itself to control a protocol after a user consents. For example, a chat application could control the irc: scheme (named protocol in the API).
Chromes current telemetry suggests a usage of 0.002836% on insecure pages which is low enough to deprecate: https://www.chromestatus.com/metrics/feature/popularity#RegisterProtocolHandlerInsecureOrigin . Due to the API being able to send URL’s path and parameters over insecure pages and the low usage of the API I’d like a fast deprecation here. Content that wants to keep this functionality should protect their users with HTTPS. Work is happening here: https://bugzilla.mozilla.org/show_bug.cgi?id=1429732 . In Firefox 60 I plan to submit the code for deprecation, this will include: - A pref “dom.registerProtocolHandler.insecure.enabled” which controls if the API is enabled - When set to false, the API will be removed from pages with an insecure context. - This is identical to using [SecureContext] in WebIDL, but only when the pref is set to false. - A default pref value in Nightly of false - disabling the API for Nightly - Other builds will receive a deprecation warning which also implements telemetry for this feature. Assuming there are no issues, In Firefox 62 I plan to remove usage of this API on all builds for insecure contexts. Thanks Jonathan _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform