Leaflet Geolocation error: Only secure origins are allowed

I described some reasons to switch to HTTPS on my website. To be completely honest though, I didn’t finally get off my ass do that for any of those good reasons. I did it because I was building a map thing which requested browser geolocation and I noticed geolocation stopped working in chrome.

I’ve seen this deprecation warning a few times:

“getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.”

But somehow didn’t take it seriously. But yes. New versions of chrome won’t do geolocation unless it’s a HTTPS site. See this for yourself with this very basic geolocation test page on w3schools (which is http). [Update: Originally this was http, and so didn’t work in chrome. w3schools have since gone https]

The javascript console still only shows it as a deprecation warning not an error, but if your web application was relying on this…  it broke.

(Update for Aug 2017) Firefox v55 is going with this lock-down too. It says “Geolocation error: User denied geolocation prompt” as a popup, and in the console “A Geolocation request can only be fulfilled in a secure context.”

Any sensible application should probably be watching out for failure cases with geolocation anyway (see later examples for handling errors), but even so I find it a bit surprising that any old websites using geolocation across the web will be broken. There’s a bit more info on this google developers page

If you use LeafletJS, there’s a map.locate method which presumably uses the same method internally (navigator.geolocation.getCurrentPosition), but leaflet also detects the Chrome failure and pops up a different error message…

“Geolocation error: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV)..”

If you use chrome you can see this on my geolocate example (http) here:

http://harrywood.co.uk/maps/examples/leaflet/geolocate.view.html

…and    *Trumpet noise*   see it fixed with the newly available https URL:

https://harrywood.co.uk/maps/examples/leaflet/geolocate.view.html

HTTPs on this site

I made harrywood.co.uk run on HTTPS recently. Quite easy to do, and free using letsencrypt

https

Why encrypt harrywood.co.uk?

On the face of it there’s not much point. This is mostly just a straightforward read-only website. Not much scope for bad people to be snooping anything interesting. No passwords or credit cards or anything. General “tracking” doesn’t seem particularly problematic either. Who really cares if somebody can track the fact that you’ve been visiting these sweet innocent innocuous blog posts? Well…

Some types of commercial web tracking only tend to get creepy when they happen in bulk. The evil corporate advertising machine won’t learn much about you from knowing you read a blog post on harrywood.co.uk, but it might start to know you pretty well if it knows this and the previous thousand websites you visited. Encryption throws a spanner in the works for some types of tracking.

Government tracking by intelligence agencies, is also thwarted by encryption (more so probably). They would also like to intercept your browsing traffic to get to know you with their big evil AI. Now sometimes I think it’s fair enough for governments to do a bit of anti-terrorism targeted snooping, but the trouble is it’s too easy for politicians to make that simple-minded argument. The flipside is a subtle future threat of eroded freedoms. That’s tricky, and in general I don’t trust politicians to weigh it up properly. We can use technical measures (encryption!) to help things move in a more freedom preserving direction.

Tracking is a numbers game, done across many websites, and equally encryption as a counter-measure is more effective if we encrypt many websites. If we start to be able to browse a significant proportion of the web in HTTPS, even right down to piddly little websites like this one, then we’ll be getting somewhere. As a result it’s becoming recommendation and slowly a sort of groundswell of expectation on webmasters to do this. It’s slow to get lazy webmasters like me to do something like this, but …well now’s the time for harrywood.co.uk (Who knows? One day I may actually work on updating the content!)

Encryption helps protect against password snooping security issues. harrywood.co.uk has no user passwords, except…  my own password for logging in to write blog posts. I’ve probably used this from public wifi access points in the past. Slapped wrists for me. But now I guess I can be a little more relaxed about that. Speaking of wifi, wifi javascript injection (attacks or just crappy advertising) seems like a nasty problem. Are we safe using any wifi these days? Well we’re a lot safer from this when browsing HTTPS sites.

Free iOS games

Here’s some iOS games I’ve found enjoyable. These are all FREE.

angry-birdsObviously Angry Birds is a good place to start if you’ve not played any games on your phone. A blockbuster success for a reason. Quite addictive, and broad appeal (meaning they’ll draw you in, even if you’re not the kind of person that enjoys games). There’s also more of the same with several variations on the theme: Angry birds seasons. Angry birds star wars. Angry birds rio. etc etc.

I guess Candy Crush is similar. That one’s so mainstream my wife plays it. Personally I’ve deliberately denied myself that time-waster. In general I’m trying to avoid the super-mainstream blockbuster apps, but…

dotsDots is the stylish minimalist version of candy crush. Same idea. Swiping to match up lines and clear things tumbling down from above. But yes, less cutesy more minimalist graphics.

line-upLineup Puzzle. Make lines from different shapes, very similar to tetris, but without the blocks tumbling down from above (is this all sounding abstract enough for you)

amazing-thiefAmazing Thief. Another super-dinky little game. In fact this “Ketchapp” developer seems to specialise in insanely simple little free games. I’ve tried a lot of them, but this one was my favourite. I don’t quite know why I played this one until I managed I score of 22. Maybe because the single tap control is good for playing while crammed on a crowded tube train.

little-craneThe Little Crane That Could. Ever wanted to pull those levers to control an articulated crane? This 3D crane simulation is remarkably entertaining. I think it’s the realistic physics simulation that makes it. The free version only gives 5 missions. Even I have been tempted to pay for more.

airplaneAirplane! So speaking of physics I tried a few flight sim free apps. This one didn’t have particularly good physics, but it kept me entertained for quite a while for some reason. Maybe the choice of planes and the challenge of enabling new ones.

f18-carrier-landingF18 Carrier Landing. This one has better physics and more interesting controls. Weirdly they went to the trouble of developing this nice flight-sim engine and then made the game mission extremely limited. You just land on an aircraft carrier. That’s it. It’s like they forgot to make the rest of the game. But randomised weather conditions and start locations kept me entertained.

I can’t say I’ve done a systematic review of lots of free apps by genre. This is just some apps I’ve stumbled across and which turned out to be pretty entertaining (sometimes against my first impressions).

Playing silly little games on my phone is a guilty pleasure of mine. I’ve generally only ever installed free games, because… well, long story short, I’m a cheapskate. But they are very hit & miss. They can be a bit rubbish or not working at all for whatever reason. Increasingly they can have such unbearable advertising bombardments, in-app purchase nags, or sign-up demands, that I don’t really get as far as figuring out if the game is any good. Sorting the wheat from the chaff is a problem. Hence I thought this list might be useful for others.

I’d like to list some free and open source examples, but it seems open source isn’t a big thing for iOS developers. There’s very few working games on the appstore (as opposed to game engines / ideas) where you can also find the source code. I thought I’d installed Lumio off the appstore (quite a nice little game) but can’t find it on there any more.

I’m actually getting around to writing this finally now that I’m ditching my iPhone (and all these games) and swapping to a new android phone! I imagine I may be able to write a similar list but just for free open source games on android.