Remove geolocation from Insecure Contexts

Remove geolocation from Insecure Contexts (removed)

Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing geolocation from insecure contexts. Geolocation is a powerful feature that allows access to the user's precise location, which is a powerful privilege escalation for HTTP content injection. This will remove that attack vector by only allowing it over HTTPS.

Documentation

Part of the larger effort to remove powerful features on insecure origins:
https://chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
blink-dev discussion and API owner approval:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ylz0Zoph76A/C1VNAhJ8BQAJ

Specification

Editor's draft

Status in Chromium

Blink components: Blink

Removed (launch bug) in:

Chrome for desktop release 50
Opera release 37
Opera for Android release 37

Consensus & Standardization

Firefox: Public support
Edge: No public signals
Safari: No public signals
Web Developers: Mixed signals

Owner

jww@chromium.org

Last updated on 2017-06-14