Aryeh Gregor writes: > On Tue, Oct 25, 2016 at 8:12 PM, Anne van Kesteren <ann...@annevk.nl> wrote: >> The basic problem is prompting the user at all for non-HTTPS since >> that leads them to think they can make an informed decision whereas >> that's very much unclear. So prompting more would just make the >> problem worse. >> >> We want to get to a place where when we prompt the user on behalf of a >> website we have some certainty who is asking the question (i.e., >> HTTPS). > > By that logic, we should not permit users to submit forms to non-HTTPS > either.
I guess that would be ideal, but there are some situations where it doesn't matter if the world sees the form data. Similarly there may be some situations where the user is happy for the world to know their location. The UA just needs to make it clear who can see this information and for how long. This is, however, assuming the user will make a reasonable decision based on that info. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
