TL;DR the Geolocation API will be restricted to secure contexts in Firefox 55 (due in August).
Hi there, as a follow-up to [1], we're moving forward to restrict Geolocation API only to secure contexts. This is due to a number of important reasons: 1. Chrome and Safari have already deprecated insecure geo requests last year (Firefox is the only major browser still allowing them) 2. We've deprecated "Insecure HTTP" in 2015 [2] 3. It's easier than ever to get a valid SSL certificate 4. It's cheaper than ever to get a valid SSL certificate (actually it's free) Even though we've landed all the necessary groundwork in [3], this is gonna be a slow rollout to give everybody plenty of time to adjust. In Firefox 54 (currently in Nightly): the insecure Geolocation API are protected by the preference "geo.security.allowinsecure" that defaults to true on all the channels (true = accept insecure requests = no change). Firefox 54 is due in june [4]. In Firefox 55 we will flip the switch and all the requests to navigator.geolocation.getCurrentPosition() and watchPosition() will only be fulfilled if in a secure context. Firefox 55 is due in august. The tracking bug is [5]. [1] http://bit.ly/2jZYXkK [2] https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ [3] http://bugzil.la/1269531 [4] https://wiki.mozilla.org/RapidRelease/Calendar [5] http://bugzil.la/1072859 -- Bye, Michelangelo _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
