Remove geolocation from Insecure Contexts

Feature: Remove geolocation from Insecure Contexts (removed)

Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing geolocation from insecure contexts. Geolocation is a powerful feature that allows access to the user's precise location, which is a powerful privilege escalation for HTTP content injection. This will remove that attack vector by only allowing it over HTTPS.

Documentation

Part of the larger effort to remove powerful features on insecure origins:
https://chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
blink-dev discussion and API owner approval:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ylz0Zoph76A/C1VNAhJ8BQAJ

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink

Implementation status: Removed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Positive
Edge: No signal
Safari: No signal
Web Developers: Mixed signals

Owner

jww@chromium.org

Last updated on 2020-11-09