Remove geolocation from Insecure Contexts (removed)

Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing geolocation from insecure contexts. Geolocation is a powerful feature that allows access to the user's precise location, which is a powerful privilege escalation for HTTP content injection. This will remove that attack vector by only allowing it over HTTPS.

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Removed (launch bug) in:

  • Chrome for desktop release 50
  • Opera release 37
  • Opera for Android release 37

Consensus & Standardization

  • Public support
  • No public signals
  • No public signals
  • Mixed signals

Owner

Last updated on 2017-06-14