• gray@pawb.social
    link
    fedilink
    English
    arrow-up
    56
    arrow-down
    2
    ·
    3 months ago

    Less HTTPS = easier government & advertiser data collection

      • AbidanYre@lemmy.world
        link
        fedilink
        English
        arrow-up
        48
        arrow-down
        1
        ·
        3 months ago

        When I spin up a new self hosted service it’s easier to add caddy to the stack than to convince Firefox to load http.

      • cmnybo@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        15
        ·
        3 months ago

        HTTP works fine in Firefox unless you set it to HTTPS only. Even then, you only have to click off a warning to open an HTTP site.

        • hakunawazo@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          3 months ago

          But if you try to load a local resource as localhost in Firefox…

          For the sake of completeness:

          Firefox contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit.

          More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

          Insecure, but fast fix, if you don’t want to install a local webserver:

          about:config
          security.fileuri.strict_origin_policy
          change to false

        • nelson@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          I’d rather not send credentials over plain text. Even in a homelab environment

      • gray@pawb.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        I’m sure google will fix that in chrome, like killing adblocker functionality.