Verify features that are made "HTTPS-only" should be available on .onion sites as well
Firefox 49 is adding an isSecureContext attribute (https://developer.mozilla.org/en-US/docs/Web/API/Window/isSecureContext) we should make sure it returns true on .onion sites as well.
Activity
Can this be made opt-in? I don't really think Tor Browser should support any of the APIs that require Secure Contexts in the first place, even with HTTPS...
https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
Trac:
Cc: N/A to yawning
Replying to yawning:
Can this be made opt-in? I don't really think Tor Browser should support any of the APIs that require Secure Contexts in the first place, even with HTTPS...
https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
If it turns out to be the case that we think an API is to be disabled in an HTTPS context it won't be available on .onion sites either. This bug is more about stopping to bind
isSecureContextto HTTPS.mentioned in issue legacy/trac#27307 (moved)
mentioned in issue legacy/trac#27313 (moved)
mentioned in issue legacy/trac#28478 (moved)
mentioned in issue legacy/trac#29705 (moved)
mentioned in issue legacy/trac#31899 (moved)
moved from legacy/trac#21728 (moved)
added Feature label and removed 1 deleted label
added Icebox label
removed Icebox label
added Onion Services Roadmap::Future labels
This should be handled by our existing patch for #23247 (closed) ( 4d8c8d8f ) but we should verify.
removed Feature label
added Task label
added All Platforms label
added Apps::Type::Audit label
added Apps::Impact::Unknown label
added Apps::Impact::Medium label and removed Apps::Impact::Unknown label