I described some reasons to switch to HTTPS on my website. To be completely honest though, I didn’t finally get off my ass do that for any of those good reasons. I did it because I was building a map thing which requested browser geolocation and I noticed geolocation stopped working in chrome.
I’ve seen this deprecation warning a few times:
“getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.”
But somehow didn’t take it seriously. But yes. New versions of chrome won’t do geolocation unless it’s a HTTPS site. See this for yourself with this very basic geolocation test page on w3schools (which is http). Doesn’t work in chrome.
(Update for Aug 2017) Firefox v55 is going with this lock-down too. It says “Geolocation error: User denied geolocation prompt” as a popup, and in the console “A Geolocation request can only be fulfilled in a secure context.”
Any sensible application should probably be watching out for failure cases with geolocation anyway (see later examples for handling errors), but even so I find it a bit surprising that any old websites using geolocation across the web will be broken. There’s a bit more info on this google developers page
If you use LeafletJS, there’s a
map.locate method which presumably uses the same method internally (
navigator.geolocation.getCurrentPosition), but leaflet also detects the Chrome failure and pops up a different error message…
“Geolocation error: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV)..”
If you use chrome you can see this on my geolocate example (http) here:
…and *Trumpet noise* see it fixed with the newly available https URL: