json-ld / json-ld.org

JSON for Linked Data's documentation and playground site
https://json-ld.org/

Use https for AS context in playground Activity example #669

Closed csarven closed 6 years ago

davidlehn commented 6 years ago

The spec does say it can be either https or http: https://www.w3.org/TR/activitystreams-core/#jsonld

Is it best practice to use https?

cwebber commented 6 years ago

I think so, even though the spec doesn't actually mandate that. Less chance of tampering.

Not sure anyone's ever tried tampering with a json-ld context in the wild before to remap certain terms to other things... I guess you could do it, if you were very clever. But hey, best practices and all that.

davidlehn commented 6 years ago

w3.org uses HSTS and similar techniques so it's likely at least browsers will never have an issue. I was more wondering if tools are expecting an exact string for the context. I.e., to use a local version vs load from the network. I think I'll just update it since the http version is a MAY. I so wish http just had security built in by default.

davidlehn commented 6 years ago

Fixed. https://github.com/json-ld/json-ld.org/pull/670
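
The thread raises two points: whether tools match the context on an exact string in order to use a local copy rather than load from the network, and the chance of a tampered context remapping terms. The following is an added example, not part of the thread and not code from json-ld.org or jsonld.js: a hypothetical resolver that treats the http and https forms as one key, serves a bundled copy, and refuses plain-http fetches for anything else. The function names, the return shape and the stand-in context body are assumptions.

```javascript
// Added example: hypothetical resolver, not code from json-ld.org or jsonld.js.
const AS_CONTEXT = 'https://www.w3.org/ns/activitystreams';

// Constructed stand-in for a bundled copy of the context (not the real file).
const LOCAL_CONTEXTS = new Map([
  [AS_CONTEXT, { '@context': { '@vocab': 'https://www.w3.org/ns/activitystreams#' } }],
]);

// Map the http:// and https:// forms of a context URL to one lookup key,
// so an exact-string match on either form is not required.
function canonicalContextUrl(url) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error(`unsupported context scheme: ${u.protocol}`);
  }
  u.protocol = 'https:';
  u.hash = '';
  return u.toString();
}

// Decide where a context comes from. A bundled copy wins, so no network
// response can remap its terms; anything else must be fetched over https.
function resolveContext(url) {
  const key = canonicalContextUrl(url);
  if (LOCAL_CONTEXTS.has(key)) {
    return { source: 'local', url: key, document: LOCAL_CONTEXTS.get(key) };
  }
  if (new URL(url).protocol !== 'https:') {
    throw new Error(`refusing to fetch context over plain http: ${url}`);
  }
  return { source: 'network', url: key, document: null };
}

// Both spellings of the Activity Streams context resolve to the local copy.
for (const u of ['http://www.w3.org/ns/activitystreams', AS_CONTEXT]) {
  console.log(u, '->', resolveContext(u).source);
}
```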