[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: https by default
I also see that w3m-util.el, line 806, there is defined a constant
`w3m-url-fallback-base' , set to "http:///", not "https:///".
On 2017-07-16 07:44, Boruch Baum wrote:
> I noticed just now that in w3m.el, function `w3m-canonicalize-url',
> line 4574, that http is being used instead of https. Would it be much
> of a problem to default to https instead?
> The policy difference is one of "opt-in" versus "opt-out". Currently,
> if one wants https, one needs to "opt-in" by remembering to go through
> the trouble of manually pre-pending "https://" to one's url.
> Being that https is "safer" and "more secure" and "better for privacy"
> and being that it has become much more widely implemented this past
> year, I suggest that it should be "opt-out". The result would be
> that if a website does not support https, the user will see an error
> message, and have to manually re-send with the http: explicitly
> On a related note, I notice that the emacs-w3m website does not
> seem to support https.
>  https://tech.slashdot.org/story/17/02/01/1250214/https-adoption-has-reached-the-tipping-point
>  http://emacs-w3m.namazu.org/
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0