On 10/22/2016 03:59 AM, Chris Peterson wrote:
On 10/21/2016 3:11 PM, Tantek Çelik wrote:
> Does this mean that we'd be breaking one in 5 geolocation requests as a
> result of this? That seems super high. :(
Agreed. For example, my understanding is that this will break
http://www.nextbus.com/ (and thus http://www.nextmuni.com/ ) location
awareness (useful for us SF folks), which is kind of essential for
having it tell you transit stops near you. -t
Indeed, the geolocation feature on nextbus.com is broken in Chrome. (The site
shows a geolocation error message on first use.)
Next Bus already has an HTTPS version of their site, but it is not the default
and has some mixed-content warnings. For a site that uses geolocation
as a core part of its service, I'm surprised they have let it stay broken in
Chrome for six months. Chrome removed insecure geolocation
"insecure". SecureContext is really quite high level concept and doesn't apply to all the necessary bits in the platform. So just to remind that it
doesn't exactly give too much security.
https://w3c.github.io/webappsec-secure-contexts/#isolation
(It is rather mystery to me for example why the spec does explicitly handle SharedWorkers but doesn't BroadcastChannel, when they both deal with
cross-browsing-context messaging (SharedWorker also other stuff))
in April 2016
and announced its deprecation in November 2015.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
