The heart of tech

This article was published on January 29, 2016


Firefox tests warning when any form is sent over HTTP

Firefox tests warning when any form is sent over HTTP
Owen Williams
Story by

Owen Williams

Former TNW employee

Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their word Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

A major change is coming to Firefox in the near future: if you use any form on your site, and it isn’t secured with HTTPS, the browser will mark it as insecure.

Mozilla indicated this change was coming, but it’s now part of Firefox 46 developer edition so that those with affected websites have time to fix their issues.

On that build, you’ll see a lock with a cross through it when there’s a form element on the page but no HTTPS. This will happen even if you have HTTPS enabled but the form itself isn’t delivered over the secure protocol.

struckthrough-lock-before-after

If it’s rolled out to all versions of Firefox, the change will have wide-reaching implications for a number of sites, since many include forms for things like newsletter signups but don’t bother encrypting those in transit as it’s not exactly sensitive information.

Mozilla says that the change isn’t planned to be dropped into the beta or general release Firefox yet, but it’s expressed the intent in the past to make the change eventually.

It’s good progress for browser builders to enforce stricter rules around HTTPS, given that it’s still frequently misused or forgotten. Google also added a feature to Chrome that will push developers to use HTTPS this week.

Also tagged with