Add requirement to only be enabled in secure context

2023-06-19 14:46:59 +00:00 · 2023-06-19 14:46:59 +00:00 · 25aaa6524c
parent b8a049e76e
commit 25aaa6524c
1 changed files with 5 additions and 0 deletions
--- a/docs/spec.bs
+++ b/docs/spec.bs
@ -131,6 +131,11 @@ stores state in the [=Integrity verdict=] that can be used for cross site tracki

 ## Security considerations ## {#security}

+### Secure context only ### {#security-secure-context}
+
+Web environment integrity MUST only be enabled in a [=secure context=]. This is to ensure that the
+website is not spoofed.
+
 <i>Todo</i>

 ## Privacy considerations ## {#privacy}