MCe needs HTTPS
Offline Functionality

Executive Summary

This document is mostly not needed anymore (2025.02), but there are tiny number of holdouts that are missing the benefits by not being HTTPS. This document is for them.

You need to be running with HTTPS and modern browsers we support to get the fastest and most featureful experience.

Running on HTTP or older browsers like Internet Explorer (that HAS been upgraded, many years ago, it is called 'Edge') will mean a loss of features, functionality and poor – sometimes terrible – performance in situations where running on HTTPS and modern browsers would give you all the features, functionality and performance.

In addition, I know many IT departments claim that HTTP is safe. But the fact is – HTTP is not safe, there are many ways it can be compromised and 'never had a problem yet' is not the same as 'it is safe'.

One of the advantages of an 'offline' product is that, correctly written (and MCe is), you will in almost every situation have significantly better performance than software like MC Express or MC that has to go back and forth to the server every time for everything. Because any data they need we might have and at worst, we will need exactly what they need.

Overview

MCe has since the turn of the century (millennium), been known for its ability to work offline. (Written starting in 2000, shipped to first customers in 2003)

We have used the most modern tools to do this.

If you are running in 'Reduced Functionality Mode', you have lost some of that functionality due to your environment or browser choice.

One of the major tools we use, recently (Chrome was the first browser in October 2018, version 70) was removed when running in HTTP.

  • Edge is expected to take away that ability in Nov 2018.
  • Safari has made steps but has not said when they are removing that capability.

We assume that browsers like Edge and Safari took a 'wait a bit and let Chrome take all the flak since Chrome is used by 80% of people, then we'll switch a few months later after every well run website has switched to HTTPS, and we will look better than Chrome that way.' But that is all past, they have caught up.

T Browser Tab Buttons his means that if you are running in HTTP, in Chrome you can only run offline until your browser tab is refreshed (Such as hitting F5 or hitting the refresh button or the back/forward arrows, or you stop/start the browser.

Making a direct comparison:

Chrome HTTPS: Our software can run for weeks without ever reconnecting to the internet. You can even reboot your computer.

Chrome HTTP: Starting with version 70, Chrome took away that power. Our software runs until the tab is refreshed.

The good news – no data loss!

Unlike tools like MC Express or MC, you do NOT lose any data when this happens. We save your data, and as long as you don't 'clear cache' (or similar functions to wipe out your data), when you next have a connection

Under HTTP your experience will be slower

There are two ways it is slower.

First of all, if you are running in HTTP you likely are running in reduced Functionality mode due to the browser refusing to support tools we need (AppCache or Service Workers) in HTTP. Some browsers still DO support AppCache in HTTP, but they will all be changing to match the other browsers at some time.

The effect of this is that every time you refresh your page, we, like MC and MC Express, have to load the software onto your device. When you run on HTTPS our software is able to cache the software on your device so now, unlike MC Express and MRO, we already have that on your device, we don't have to get it again until there is an upgrade.

And bonus, when there *is* an upgrade, starting years ago with MCe 8.4.760, we grab that upgrade in the background, and do a very fast switch to the new code once you do something like switch to a list page or edit page.

Second, there are faster protocols (a fancy word for 'how stuff is moved across the internet') that are only permitted in HTTPS. If you read an article from the 1980's you may have read that HTTPS is slower than HTTP, but that is outdated. A properly setup HTTPS should be significantly faster than the best possible HTTP was.

What should you do?

Your IT department should move to HTTPS. This is the only current industry accepted standard, and the industry attitude has been very unanimous on this since 2017, and most people in 2015 and 2016 agreed, it was just harder to achieve back then so it wasn't pushed as hard.

For technical people, some key technologies we are using:

AppCache – this is a deprecated feature in most browsers. (IE 10 and 11 don't technically have it deprecated, because IE 10 and 11 are past the end of their life so they aren't changing. Edge is the 'next version' of IE 11 in any event.) While it is deprecated, we still support it for now because it allows some of our customers to work within their environment better. We plan to continue to support it, but not require it, as long as we can.

So what do we use now whenever possible instead of AppCache? Service Workers.

Service Workers are much nicer than AppCache and we are using Service Workers to give a better and better experience.

So why don't we just use Service workers?

While we don't 'support' HTTP, we made a promise that we would not purposely break HTTP. We 'support' HTTP on an hourly basis when the problems are related to the HTTP use, but we do and will continue to run with HTTP as long as we realistically can.

But Service Workers are, by SPEC, not available in HTTP. They would be incredibly dangerous in HTTP, they would give hackers huge capabilities. So there is not a single browser that we support, and as far as I know, not a single browser in the world that supports Service Workers with HTTP.

To use Service Workers and to gain their benefit, you must be running

  1. HTTPS
  2. A modern browser, and really, for popular browsers this means "don't use IE 10 or 11".