Mozilla has outlined the plan for HTTP deprecation here. Here is their outlined schedule:
Phase 0: Define “privileged contexts”. This is the thing to which features will be limited, encompassing at least HTTPS origins. This is already in progress in the WebAppSec WG.
Phase 1: Declare that after Date X.0, privileged contexts are required for all new features. We will need to decide (1) the date, and (2) the scope of “new features” — are things like new CSS attributes included, or only new web APIs?
Phase 2.N: Declare that after Date X.N, privileged contexts are required for set S.N of existing features. The selection of features will need to balance security benefit versus compatibility impact.
Phase 3: Essentially all of the web is HTTPS.
They plan to move in stages so developers are prepared for the switch.
One could imagine a few ways that features could be grouped into 2.N tranches, but it seems like it would be most effective to have a regular schedule of “releases”, say every six months. That will help ensure maximum visibility of the deprecations to developers, compared to, say setting different deprecation dates for each different API.
The move isn’t really surprising, especially with industry leader Chrome doing this as well. According to HTTP Archive, only 15% of webpage requests are currently done over HTTPS so perhaps Chrome and Firefox making this change will encourage more sites to make the secure switch.
Jennifer Slegg
Latest posts by Jennifer Slegg (see all)
- 2022 Update for Google Quality Rater Guidelines – Big YMYL Updates - August 1, 2022
- Google Quality Rater Guidelines: The Low Quality 2021 Update - October 19, 2021
- Rethinking Affiliate Sites With Google’s Product Review Update - April 23, 2021
- New Google Quality Rater Guidelines, Update Adds Emphasis on Needs Met - October 16, 2020
- Google Updates Experiment Statistics for Quality Raters - October 6, 2020