[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Re: https by default



I also see that w3m-util.el, line 806, there is defined a constant
`w3m-url-fallback-base' , set to "http:///";, not "https:///";.


On 2017-07-16 07:44, Boruch Baum wrote:
> I noticed just now that in w3m.el, function `w3m-canonicalize-url',
> line 4574, that http is being used instead of https. Would it be much
> of a problem to default to https instead?
>
> The policy difference is one of "opt-in" versus "opt-out". Currently,
> if one wants https, one needs to "opt-in" by remembering to go through
> the trouble of manually pre-pending "https://"; to one's url.
>
> Being that https is "safer" and "more secure" and "better for privacy"
> and being that it has become much more widely implemented this past
> year[1], I suggest that it should be "opt-out". The result would be
> that if a website does not support https, the user will see an error
> message, and have to manually re-send with the http: explicitly
> pre-pended.
>
> On a related note, I notice that the emacs-w3m website[2] does not
> seem to support https.
>
> references
> [1] https://tech.slashdot.org/story/17/02/01/1250214/https-adoption-has-reached-the-tipping-point
> [2] http://emacs-w3m.namazu.org/

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0