diff options
author | Michael Catanzaro <mcatanzaro@igalia.com> | 2018-03-29 15:38:02 -0500 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@igalia.com> | 2018-03-29 15:45:45 -0500 |
commit | 762c7bc98c43925a98c09d1ace4e1c7357c2806f (patch) | |
tree | 0d2c1ea94ceff530ea4daa08c3fca77e87914d7f /meson_options.txt | |
parent | 45599c137f43ad15bcf51fd91deab63a2dad5fd4 (diff) | |
download | epiphany-762c7bc98c43925a98c09d1ace4e1c7357c2806f.tar.gz |
Remove the HTTPS Everywhere support
It's experimental and not supposed to be enabled, but got turned on in
Arch, so best move it to a sidebranch for now. I'm not sure if we'll
ever bring it back, though. HTTPS Everywhere was a great idea a few
years ago, when it was common for websites to offer experimental support
for HTTPS but not redirect users to it automatically. Nowadays, such
websites almost always problems, such as blocked mixed content or invalid
HTTPS certificates, or have disabled HTTPS since the ruleset was
written. That means, to do this right, we have to ignore TLS errors --
including in subresources -- and disable mixed content blocking. This
scheme to preserve web compatibility needs to be implemented before we
consider bringing it back.
Meanwhile, more and more websites are redirecting to HTTPS and are
nowadays configured to handle this correctly, so the necessity of HTTPS
Everywhere is lower now than ever before, and decreasing fast. Moreover,
if a website implements its own proper support for HTTPS and starts
automatically redirecting users to it, but the ruleset is not updated,
then under the scheme I propose above, the ruleset would become a way of
*reducing* security for websites once they've begun to support HTTPS. So
I'm skeptical that we should bring this back at all. Times, they are
a-changing.
https://bugzilla.gnome.org/show_bug.cgi?id=794803
Diffstat (limited to 'meson_options.txt')
-rw-r--r-- | meson_options.txt | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/meson_options.txt b/meson_options.txt index 4afbd841e..f81ea8850 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -10,12 +10,6 @@ option('distributor_name', description: 'Distributor name displayed on process crash page' ) -option('https_everywhere', - type: 'boolean', - value: false, - description: 'Enable experimental HTTPS Everywhere support' -) - option('tech_preview', type: 'boolean', value: false, |