Closed
Bug 1291405
Opened 8 years ago
Closed 7 years ago
[webvr] Evaluate security policy for non-HTTPS WebVR sites
Categories
(Core :: WebVR, defect)
Core
WebVR
Tracking
()
RESOLVED
DUPLICATE
of bug 1381645
People
(Reporter: kip, Unassigned)
Details
(Whiteboard: [webvr] [gfx-noted])
WebVR is considered a "Powerful new feature" and will require HTTPS:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
I'm told WebVR bugs go mostly in Core :: Graphics with the [webvr] whiteboard tag.
Component: Security → Graphics
Whiteboard: [webvr]
|
||
Comment 2•8 years ago
|
||
There's been some heated discussions going back and forth regarding this after Brandon Jones from the Google team mentioned that they'll be making WebVR only available to secure origins [1]. Richard from the FX security team also started a thread which got pretty heated as well.
[1] https://mail.mozilla.org/pipermail/web-vr-discuss/2016-July/001151.html
[2] https://mail.mozilla.org/pipermail/web-vr-discuss/2016-July/001174.html
|
||
Updated•8 years ago
|
Whiteboard: [webvr] → [webvr] [gfx-noted]
|
||
Updated•8 years ago
|
Summary: [webvr] Enable WebVR only for HTTPS sites → [webvr] Evaluate rules for non-HTTPS WebVR sites
|
|
||
Updated•8 years ago
|
Summary: [webvr] Evaluate rules for non-HTTPS WebVR sites → [webvr] Evaluate security policy for non-HTTPS WebVR sites
|
Reporter | |
Updated•8 years ago
|
Component: Graphics → WebVR
|
||
Comment 3•7 years ago
|
||
I'd like to know what the status is here. At the very least we should be sending out deprecation warnings for navigator.getVRDisplays() on insecure contexts.
|
|
||
Comment 4•7 years ago
|
||
Seems this can be duplicated against bug 1381645 at this point?
|
||
Comment 5•7 years ago
|
||
Thanks Anne!
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•