A couple of new tests prevented this from landing a couple of times. Now, it finally stuck.
Kudos to Malte for pushing through and many thanks to all of those who changed their tests or helped review our test changes. Remember to file bugs under the https-first meta bug (see below). 'Malte Jürgens' via [email protected] <[email protected]> schrieb am Do. 6. Juni 2024 um 21:37: > Hello, > > TLDR: We are flipping the pref dom.security.https_first to true in > Firefox Nightly. > > For the last few years, we have been developing a feature called > HTTPS-First. HTTPS-First will upgrade all insecure top-level page loads to > use HTTPS, while falling back to HTTP if the site isn’t available via > HTTPS. This feature has been enabled by default in private browsing since > Firefox 91 > <https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/> > . > > There is now a proposal to standardize this behavior under the name HTTPS > Upgrades <https://github.com/whatwg/fetch/pull/1655> driven by Google. > Our HTTPS-First implementation largely aligns with it, but there are a few > corner cases left unmentioned that we are still hoping to get alignment on. > > With this new proposal, and us having addressed most of the web > compatibility concerns in the last years, we now feel confident enabling > HTTPS-First by default in Nightly (tracking bug > <https://bugzilla.mozilla.org/show_bug.cgi?id=1719271>). Additionally, we > hope to ship HTTPS-First / HTTPS Upgrades in Release by the end of the year. > > By enabling HTTPS-First in Nightly now, we mainly want to ensure that > newly added automated tests work correctly with HTTPS-First. There were a > lot of tests that did not expect a HTTPS page to load when they started to > load a HTTP URL, and thus failed with HTTPS-First enabled. We have fixed > all those failures, by either moving the tests to just use HTTPS directly, > or by manually disabling HTTPS-First for the tests. > > If you have any questions please let us know. > > Best > > Malte Jürgens > Frederik Braun > Simon Friedberger > Christoph Kerschbaumer > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFMeYV7W0ieWy0H4iffJY-w6tOPbPGbApkrGYm9dGRUgtmoZ%2BA%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAFMeYV7W0ieWy0H4iffJY-w6tOPbPGbApkrGYm9dGRUgtmoZ%2BA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAE5OA1WNx%3DZU%2BSjfN8ZAg-z%3DPqsnfpyGBjeL_FsD30n5LstV4w%40mail.gmail.com.
