Mozilla plans to make a change to Geolocation in Firefox 55 that would block requests automatically if they come from non-secure origins.
Geolocation, broken down to its core, refers to technologies that allow sites and applications to determine a user's position in the world.
This can be useful when mapping services are used among other things (show me where I'm, auto-filling of the current location). Many sites, not only mapping services but also shopping sites, or multi-lingual sites, use Geolocation for functionality.
It is fairly common for instance that users are redirected automatically to a local version of the site if it exists.
Mozilla plans to make the change in Firefox 55. The implementation is on the heels of the Chromium team which added the requirement to Chromium 50. Firefox 55 is scheduled for an August 2017 release.
Basically, what this means for Firefox users is that Geolocation requests won't work anymore if a site or application does not use HTTPS.
To be precise, Geolocation will also work in the context of encrypted WebSocket connections (wss://), and requests from local resources such as localhost.
Mozilla notes that services that use non-secure origins for Geolocation requests will break when the change happens. Telemetry data that has been analyzed five months ago suggests that this will affect about 0.188% of page loads in the browser.
Just looking at non-secure origin Geolocation requests, Telemetry data suggested that 57% of getCurrentPosition() requests and 2.48% of watchPosition() requests use non-secure origins.
The figure will go down further in the future as more and more sites start the migration to HTTPS.
If you run Firefox Nightly currently, which is at version 55 at the time of writing, you will notice that non-secure Geolocation requests still work.
The feature is hidden behind a preference right now which you need to set to false to test right away:
Once you have set the preference to false, any Geolocation request from an insecure origin will fail.
Now You: do you use sites that make use of Geolocation? (via Sören)Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.