getCurrentPosition and watchPosition are deprecated on insecure origins

Question

I am getting this error on my website which requests Geolocation data from the user      getCurrentPosition   and watchPosition   are deprecated on insecure origins  and support will be removed in the future  You should consider switching your application to a secure origin  such as HTTPS  See goo gl rStTGz for more details    I mean its basically just a notice  and the google link just says its being deprecated   I have no plans on moving my website to SSL    so is there an alternative for someone like me

User · Answer

In HTTP the error occurs   Set permission for localhost in bellow label Accept requests from these HTTP referrers  web sites     It worked for me

User · Answer

Because switching to HTTPS can be painful or impossible depending on your architecture  I found a workaround solution  you can use the Google Maps Geolocation API  Although it has usage limits  it does the job  You will need an browser API key  so don t forget to limit it s usage to your page hostname   I use it as a fallback method to the getCurrentPosition   method if it fails  It allows me to make it work until I switch to HTTPS   Here s the JSFiddles    HTTP  getCurrentPosition   will fail and fall back to the API HTTPS  getCurrentPosition   will succeed

User · Answer

You can run chrome with the --unsafely-treat-insecure-origin-as-secure  http   example com  flag  replacing  example com  with the origin you actually want to test   which will treat that origin as secure for this session  Note that you also need to include the --user-data-dir  test only profile dir to create a fresh testing profile for the flag to work   For example if use Windows  Click Start and run   chrome --unsafely-treat-insecure-origin-as-secure  http   localhost 8100   --user-data-dir C  testprofile

User · Answer

Give some time to install an SSL cert getCurrentPosition   and watchPosition   no longer work on insecure origins  To use this feature  you should consider switching your application to a secure origin  such as HTTPS

User · Answer

For dev only  you can authorize specific local domains to use this features   https   medium com  Carmichaelize enabling-the-microphone-camera-in-chrome-for-local-unsecure-origins-9c90c3149339

User · Answer

You could use the https   ipinfo io API for this  it s my service   It s free for up to 1 000 req day  with or without SSL support   It gives you coordinates  name and more  Here s an example   curl ipinfo io      ip    172 56 39 47      hostname    No Hostname      city    Oakland      region    California      country    US      loc    37 7350 -122 2088      org    AS21928 T-Mobile USA  Inc       postal    94621      Here s an example which constructs a coords object with the API response that matches what you get from getCurrentPosition       getJSON  https   ipinfo io geo   function response         var loc   response loc split           var coords             latitude  loc 0           longitude  loc 1               And here s a detailed example that shows how you can use it as a fallback for getCurrentPosition     function do something coords           Do something with the coords here    navigator geolocation getCurrentPosition function position         do something position coords              function failure              getJSON  https   ipinfo io geo   function response             var loc   response loc split               var coords                 latitude  loc 0               longitude  loc 1                     do something coords                              See http   ipinfo io developers replacing-navigator-geolocation-getcurrentposition for more details

User · Answer

I know that the geoLocation API is better but for people whom can t use an SSL  you can still use some sort of services such as geopluginService   as specified in the documentation you simply send a request with the ip to the service url http   www geoplugin net php gp ip xx xx xx xx the output is a serialized array so you must need to unserialize it before using it   Remember this service is not very accurate as the geoLocation is  but it is still an easy and fast solution

User · Answer

Yes  Google Chrome has deprecated the feature in version 50  If you tried to use it in chrome the error is  getCurrentPosition   and watchPosition   are deprecated on insecure origins  To use this feature  you should consider switching your application to a secure origin  such as HTTPS  See https   sites google com a chromium org dev Home chromium-security deprecating-powerful-features-on-insecure-origins for more details  So  you have to add SSL certificate  Well  that s the only way  And it s quite easy now using Let s Encrypt  Here s guide And for testing purpose you could try this   1 localhost is treated as a secure origin over HTTP  so if you re able to run your server from localhost  you should be able to test the feature on that server  2 You can run chrome with the --unsafely-treat-insecure-origin-as-secure  quot http   example com quot  flag  replacing  quot example com quot  with the origin you actually want to test   which will treat that origin as secure for this session  Note that you also need to include the --user-data-dir  test only profile dir to create a fresh testing profile for the flag to work   I think Firefox also restricted user from accessing GeoLocation API requests from http  Here s the webkit changelog  https   trac webkit org changeset 200686

User · Answer

It s only for test  you can do it in google chrome  navigate to  chrome   flags  unsafely-treat-insecure-origin-as-secure then you ll see   Type address you want to  allow  then enable and relaunch your browser

User · Answer

Found a likely answer in  jstillwell s posts here  https   github com stefanocudini leaflet-gps issues 15 basically this feature will not be supported  in Chrome only   in the future  but only for HTTP sites  HTTPS will still be ok  and there are no plans to create an equivalent replacement for HTTP use

User · Answer

Use FireFox or any other browser instead of Chrome if you want to test it on your development environment  for production there is no way except using https   For development environment just open http   localhost 8100  on FireFox and alas no such error

[javascript] getCurrentPosition() and watchPosition() are deprecated on insecure origins

Examples related to javascript

Examples related to html

Examples related to geolocation

Examples related to deprecation-warning