[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

https by default

From: Boruch Baum <boruch_baum@xxxxxxx>
Date: Sun, 16 Jul 2017 07:44:38 -0400
X-ml-name: emacs-w3m
X-mail-count: 12749

I noticed just now that in w3m.el, function `w3m-canonicalize-url',
line 4574, that http is being used instead of https. Would it be much
of a problem to default to https instead?

The policy difference is one of "opt-in" versus "opt-out". Currently,
if one wants https, one needs to "opt-in" by remembering to go through
the trouble of manually pre-pending "https://"; to one's url.

Being that https is "safer" and "more secure" and "better for privacy"
and being that it has become much more widely implemented this past
year[1], I suggest that it should be "opt-out". The result would be
that if a website does not support https, the user will see an error
message, and have to manually re-send with the http: explicitly
pre-pended.

On a related note, I notice that the emacs-w3m website[2] does not
seem to support https.

references
[1] https://tech.slashdot.org/story/17/02/01/1250214/https-adoption-has-reached-the-tipping-point
[2] http://emacs-w3m.namazu.org/
--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0

Follow-Ups:
- Re: https by default
  - From: Boruch Baum

Prev by Date: Re: error upon load and tab navigation [PATCH included]
Next by Date: Re: https by default
Previous by thread: Re: kill selection buffer window on quit [PATCH included]
Next by thread: Re: https by default
Index(es):
- Date
- Thread

Namazu Search: [Help]