How we built it

Remove geolocation from Insecure Contexts (removed)

Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing geolocation from insecure contexts. Geolocation is a powerful feature that allows access to the user's precise location, which is a powerful privilege escalation for HTTP content injection. This will remove that attack vector by only allowing it over HTTPS.

Documentation

Specification

Editor's draft

Status in Chromium

Removed (launch bug) in:

  • Chrome for desktop release 50
  • Opera release 37
  • Opera for Android release 37

Consensus & Standardization

  • Public support
  • No public signals
  • No public signals
  • Mixed signals

Owner

Last updated on 2016-04-20