On Monday 2019-10-21 16:01 -0500, Mike Taylor wrote: > Hi David, > > On 10/21/19 7:22 AM, L. David Baron wrote: > > (That we haven't applied the policy that much because we've granted > > exceptions because other browsers have shipped the features reduces > > the effectiveness of the policy and its ability to meet its goals. > > This is the sort of policy that is most effective if it applies to > > the largest number of thngs, both because it has larger effects and > > because it sets much clearer expectations about what will be limited > > to secure contexts. I think it's worth considering reducing that > > exception to the existence of actual web compat problems from the > > secure contexts limitation.) > > Can you unpack this a little here? > > Are we saying we would ship features in non-secure contexts because sites > theoretically rely on that behavior due to another browser shipping as > non-secure before we did? (This sounds like the current rationale for > exceptions, I think). > > Or are we saying we would ship a feature by default as secure and be willing > (compelled?) to move to non-secure if we discover sites rely on other > significant market share browsers not requiring a secure context for said > feature -- once our users reported the bugs (or we did some kind of analysis > beforehand)?
I'm saying that we've been doing what you describe in the first paragraph but maybe we need to shift to what you describe in the second paragraph in order for the policy on secure contexts to be effective. -David -- 𝄞 L. David Baron http://dbaron.org/ 𝄂 𝄢 Mozilla https://www.mozilla.org/ 𝄂 Before I built a wall I'd ask to know What I was walling in or walling out, And to whom I was like to give offense. - Robert Frost, Mending Wall (1914) _______________________________________________ dev-platform mailing list email@example.com https://lists.mozilla.org/listinfo/dev-platform