Movatterモバイル変換

[0]ホーム
URL:

Skip to content
DEV Community
Log in Create account

DEV Community

Jeremy Keith
Jeremy Keith

Posted on • Originally published atadactio.com on

     

CSS for all

This was originally postedon my own site, which is awesome.

There have been some great new CSS properties and values shipping in Firefox recently.

Miriam Suzanne explains the difference between the newerrevert value and the olderinherit,initial andunset values ina video on the Mozilla Developer channel:

display: revert;

Inanother video, Jen describes some new properties for styling underlines (on links, for example):

text-decoration-thickness: 0.1em;text-decoration-color: red;text-underline-offset: 0.2em;text-decoration-skip-ink: auto;

Great stuff!

As far as I can tell, all of these properties are available to you regardless of whether you are serving your website over HTTP or over HTTPS. That may seem like an odd observation to make, but I invite you to cast your mind back to January 2018. That’s when the Mozilla Security Blog posted about moving tosecure contexts everywhere:

Effective immediately, all new features that are web-exposed are to be restricted to secure contexts. Web-exposed means that the feature is observable from a web page or server, whether through JavaScript, CSS, HTTP, media formats, etc. A feature can be anything from an extension of an existing IDL-defined object,a new CSS property , a new HTTP response header, to bigger features such as WebVR.

(emphasis mine)

Buzz Lightyear says to Woody: Secure contexts …secure contexts everywhere!

Despite that “effective immediately” clause, I haven’t observed any of the new CSS properties added in the past two years to be restricted to HTTPS. I’m glad about that.I wrote about this announcement at the time:

I am in total agreement that we should be encouraging everyone to switch to HTTPS. But requiring HTTPS in order to use CSS? The ends don’t justify the means.

If there were valid security reasons for making HTTPS a requirement, I would be all for enforcing this. But these are two totally separate areas. Enforcing HTTPS by withholding CSS support is no different to enforcing AMP by withholding search placement.

There’s no official word from the Mozilla Security Blog about any change to their two-year old “effective immediately” policy, andthe original blog post hasn’t been updated. Maybe we can all just pretend it never happened.

This was originally postedon my own site, which is awesome.

Top comments(0)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

Read next

bobcars profile image

Unveiling Lucent Public License 1.02: A Balanced Approach to Fair Code

Bob Cars(on) -

githubopensource profile image

Misconfig Mapper: Your New Secret Weapon for Cloud Security

GitHubOpenSource -

cristianalex_17 profile image

How Does Golang Manage Memory in 2025?

Negrito 👌 -

timescale_dev profile image

Timescale 2025: Scaling Real-Time Analytics in Postgres

Team Timescale -

¯\_(ツ)_/¯
  • Location
    Brighton, UK
  • Work
    Web Stuff Do-er at Clearleft
  • Joined

More fromJeremy Keith

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account
[8]ページ先頭
©2009-2025 Movatter.jp