On 10/24/16 6:29 PM, Adam Roach wrote:
and -- as bz points out -- we don't want to throw an exception
here for spec compliance purposes.
Actually, what I wanted to say is that if we think all browsers should
implement some behavior here then we should get the spec changed to say
so. Shipping the "always deny if non-secure" behavior is technically
spec compliant, in the same way that always denying, period, is
technically spec-compliant, but all that tells us is that the spec in
its current state isn't very good at achieving interoperability.
So once we figure out what the behavior we plan to implement is, we
should ensure that we raise a spec issue to get that behavior standardized.
I do not yet have a strong opinion on whether we should change to the
Chrome behavior, nor how to message this "we're going to break some of
your sites" bit to our users.
-Boris
P.S. It's entirely possible that for the specific case of SF transit no
one is using the website to start with and everyone is using some native
app instead. :( Or at least that the Chrome users are doing that, and
that Firefox users will end up doing so too.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
