[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

https by default

I noticed just now that in w3m.el, function `w3m-canonicalize-url',
line 4574, that http is being used instead of https. Would it be much
of a problem to default to https instead?

The policy difference is one of "opt-in" versus "opt-out". Currently,
if one wants https, one needs to "opt-in" by remembering to go through
the trouble of manually pre-pending "https://"; to one's url.

Being that https is "safer" and "more secure" and "better for privacy"
and being that it has become much more widely implemented this past
year[1], I suggest that it should be "opt-out". The result would be
that if a website does not support https, the user will see an error
message, and have to manually re-send with the http: explicitly

On a related note, I notice that the emacs-w3m website[2] does not
seem to support https.

[1] https://tech.slashdot.org/story/17/02/01/1250214/https-adoption-has-reached-the-tipping-point
[2] http://emacs-w3m.namazu.org/
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0