Firefox logo

In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context").

"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," said Anne van Kesteren, a Mozilla engineer and author of several open web standards.

This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox.

The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features "will be considered on a case-by-case basis," and will slowly move to secure contexts (HTTPS) exclusively in the future.

Mozilla continues its push for HTTPS

The move comes after a continuous push from browser makers to force website owners and developers to adopt HTTPS as a default state for the Web.

Mozilla has been tremendously helpful in this manner via the Let's Encrypt project, which it supported since the beginning.

Almost 65% of web pages loaded by Firefox in November used HTTPS, compared to 45% at the end of 2016, according to Let's Encrypt numbers.

Google never announced a formal rule that all new standards/features must work via HTTPS, but its engineers have always implemented recent features to work in secure contexts only [source].

New developer tools coming to Firefox

In addition to enforcing an HTTPS-only rule for new standards/features, Mozilla understands it must change the mind and working habits of day-to-day web developers.

As such, Mozilla also plans to add developer tools to future Firefox releases to enable testing without an HTTPS server. This will help developers deploy HTTPS-friendly sites and apps even for older features (WebVR, Payment Request API, etc.) that have not been implemented in a strict HTTPS-only manner in Firefox.

Related Articles:

Firefox Now Shows Warnings On Sites with Data Breaches

Mozilla Added WebP Image Support to Firefox 65

Mozilla Firefox to Support Google's WebP Image Format

Mozilla Firefox Adding Setting to Disable Recommended Extensions

Mozilla Firefox 63 Released with Enhanced Tracking Protection and More