I described some reasons to switch to HTTPS on my website. To be completely honest though, I didn’t finally get off my ass do that for any of those good reasons. I did it because I was building a map thing which requested browser geolocation and I noticed geolocation stopped working in chrome.
I’ve seen this deprecation warning a few times:
“getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.”
But somehow didn’t take it seriously. But yes. New versions of chrome won’t do geolocation unless it’s a HTTPS site. See this for yourself with this very basic geolocation test page on w3schools (which is http). [Update: Originally this was http, and so didn’t work in chrome. w3schools have since gone https]
The javascript console still only shows it as a deprecation warning not an error, but if your web application was relying on this… it broke.
(Update for Aug 2017) Firefox v55 is going with this lock-down too. It says “Geolocation error: User denied geolocation prompt” as a popup, and in the console “A Geolocation request can only be fulfilled in a secure context.”
Any sensible application should probably be watching out for failure cases with geolocation anyway (see later examples for handling errors), but even so I find it a bit surprising that any old websites using geolocation across the web will be broken. There’s a bit more info on this google developers page
If you use LeafletJS, there’s a map.locate method which presumably uses the same method internally (navigator.geolocation.getCurrentPosition), but leaflet also detects the Chrome failure and pops up a different error message…
“Geolocation error: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV)..”
If you use chrome you can see this on my geolocate example (http) here:
http://harrywood.co.uk/maps/examples/leaflet/geolocate.view.html
…and *Trumpet noise* see it fixed with the newly available https URL:
https://harrywood.co.uk/maps/examples/leaflet/geolocate.view.html
The Geolocation API uses a pay-as-you-go pricing model.
«User denied Geolocation» If you receive this error, it means your device supports geolocation but your mobile browser is unable to access it. To fix this, you need to have two things right: Your mobile device’s location services (GPS) needs to be enabled.
// You can go for an external service like // https://www.geolocation-db.com // They provide a geolocation service based on IP addresses // where you don’t need user permission.
The Geolocation API is accessed via a call to navigator. geolocation ; this will cause the user’s browser to ask them for permission to access their location data. If they accept, then the browser will use the best available functionality on the device to access this information (for example, GPS).
What does a VPN hide? A VPN encrypts and conceals your entire online traffic. It hides your IP address, location, and all digital activities, including downloads, streaming, and gaming activities. A VPN hides your browsing history from your ISP, websites, online snoopers, and even the government.
VPNs change your perceived location by swapping out your real IP address with that of the VPN server. IP addresses are unique sequences of numbers and decimals that identify every device on the internet. An IP address can be used to approximate a device’s location.
Here’s how you can fake your GPS location on an Android device: Head over to Google’s Play store > Fake GPS Location – GPS Joystick. Once installed, launch the app and tap the ‘Set Location’ option. Open the map to select the fake location of your choice via the help of the Latitude and Longitude line in GPS Joystick.
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The GeolocationPosition interface represents the position of the concerned device at a given time. The position, represented by a GeolocationCoordinates object, comprehends the 2D position of the device, on a spheroid representing the Earth, but also its altitude and its speed.
Properties
Methods
The GeolocationPosition interface neither implements, nor inherits any methods.
Specifications
Browser compatibility
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
GeolocationPosition |
79 5-78 |
79 12-79 |
72 3.5-71 |
9 |
16 |
13.1 5-13.1 |
79 ≤37-78 |
79 18-78 |
4 |
16 |
13.4 ≤3-13.4 |
12.0 1.0-12.0 |
coords |
5 |
12 |
3.5 |
9 |
16 |
5 |
≤37 |
18 |
4 |
16 |
≤3 |
1.0 |
secure_context_required |
47 |
≤18 |
55 |
No |
34 |
10 |
47 |
47 |
55 |
34 |
10 |
5.0 |
timestamp |
5 |
12 |
3.5 |
9 |
16 |
5 |
≤37 |
18 |
4 |
16 |
≤3 |
1.0 |
See also
- Using the Geolocation API
Geolocation
Web APIs
-
GeolocationCoordinates.longitude
Secure context: This feature available only in contexts (HTTPS), some or all supporting browsers.
-
GeolocationCoordinates.speed
Secure context: This feature available only in contexts (HTTPS), some or all supporting browsers.
-
GeolocationPosition.coords
Secure context: This feature available only in contexts (HTTPS), some or all supporting browsers.
-
GeolocationPosition.timestamp
Secure context: This feature available only in contexts (HTTPS), some or all supporting browsers.
-
1
- …
-
1832
-
1833
-
1834
-
1835
-
1836
- …
-
6050
-
Next
With Chrome 50+, Firefox 55+ and Safari 10+ significant changes to the geolocation support were introduced by the related browser vendors: all applications requesting the current position of the user (not just for Maps Marker Pro´s geolocation feature) are only allowed anymore to retrieve the current position of the user if the site is setup to be delivered securely via https – users will see the following or a similar warning instead:
See more details about this decision by Google at https://developers.google.com/web/updates/2016/04/geolocation-on-secure-contexts-only. Geolocation will still work on non-https sites if the users access the site via alternative browsers like Firefox, Safari or Internet Explorer – anyway it could be likely that those browsers will also add a similar security restriction in the future.
Update November 2016: since iOS 10 also Safari 10+ now requires https to support geolocation. The implementation is even more strict than with Google Chrome – geolocation will not work for example if there are mixed-content warnings on your site.
Update 2017: Firefox 55+ also requires https for accessing geolocation (see details)
So if you need the Maps Marker Pro geolocation featue on your site (which with v2.7 even gets more usable as you can sort the list of markers based on the current position of the user), it is strongly advised to migrate your site to https. Some hosters already provide free https certificates from letsencrypt.org for example. For configurations needed within your WordPress site in order to configure it to support https, please have a look at tutorials like https://css-tricks.com/moving-to-https-on-wordpress/.
As https has more advantages for your site than just geolocation working again with Google Chrome 50+ and Safari 10+ (like securing the data integrity, sender authentication and user privacy as well as higher Google ranking as https is used as ranking signal), we strongly advise to switch your site to https only if you haven´t done so yet.
If you switched your site to https and still get a geolocation error (like “Geolocation error: user denied geolocation”), please check your device´s location settings if it is allowed for apps/web sites to retrieve the geolocation.
Updated on 29 May 2022