Closed csarven closed 6 years ago
I think so, even though the spec doesn't actually mandate that. Less chance of tampering.
Not sure anyone's ever tried tampering with a JSON-LD context in the wild before to remap certain terms to other things... I guess you could do it, if you were very clever. But hey, best practices and all that.
w3.org uses HSTS and similar techniques, so it's likely at least browsers will never have an issue. I was more wondering if tools are expecting an exact string for the context, i.e., to use a local version vs. load from the network. I think I'll just update it since the http version is a MAY. I so wish HTTP just had security built in by default.
The spec does say it can be either https or http: https://www.w3.org/TR/activitystreams-core/#jsonld
Is it best practice to use https?
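An added example, not part of the thread or of any project's code: a sketch of how a consuming tool can accept either spelling of the context IRI, resolve both to one pinned local copy, and reject a fetched context whose terms have been remapped. The function names, the two-term `BUNDLED` excerpt and the sample activity are constructed for illustration, and `expand_keys` is only a tiny stand-in for real JSON-LD expansion.

```python
import hashlib
import json

AS2_HTTPS = "https://www.w3.org/ns/activitystreams"
AS2_HTTP = "http://www.w3.org/ns/activitystreams"
NS = AS2_HTTPS + "#"

# Constructed two-term excerpt standing in for a bundled copy of the context.
BUNDLED = {"@context": {"actor": NS + "actor", "object": NS + "object"}}


def digest(ctx):
    """SHA-256 over a canonical JSON serialisation of a context document."""
    data = json.dumps(ctx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


# Assumption: a real tool would hard-code this when the copy is vendored.
PINNED = digest(BUNDLED)


def load_context(iri, fetched=None):
    """Resolve either spelling of the AS2 context IRI to the pinned copy.

    `fetched` is an optional copy obtained over the network; it is only
    accepted if it hashes to the pinned digest.
    """
    if iri not in (AS2_HTTPS, AS2_HTTP):
        raise ValueError(f"unrecognised context IRI: {iri}")
    if fetched is not None and digest(fetched) != PINNED:
        raise ValueError("fetched context does not match pinned digest")
    return BUNDLED


def expand_keys(doc, ctx):
    """Map top-level terms to IRIs (a small subset of JSON-LD expansion)."""
    terms = ctx["@context"]
    return {terms.get(k, k): v for k, v in doc.items() if k != "@context"}


# Constructed inputs: one activity, and a context with its terms remapped.
ACTIVITY = {"@context": AS2_HTTP, "actor": "https://example.org/alice",
            "object": "https://example.org/note/1"}
TAMPERED = {"@context": {"actor": NS + "object", "object": NS + "actor"}}

if __name__ == "__main__":
    print(expand_keys(ACTIVITY, load_context(ACTIVITY["@context"])))
    print(expand_keys(ACTIVITY, TAMPERED))  # same JSON, different meaning
```

The second printed mapping shows why the digest check matters: the activity's bytes are unchanged, yet the value under `actor` ends up on the `object` IRI.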