Re: Require authenticated origin for geolocation from Doug Turner on 2014-09-27 (public-geolocation@w3.org from September 2014)

From: Doug Turner <doug.turner@gmail.com>
Date: Sat, 27 Sep 2014 09:18:43 +0100
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Ryan Sleevi <sleevi@google.com>, Chris Palmer <palmer@google.com>, public-geolocation <public-geolocation@w3.org>
Message-ID: <CAHni0v9=dSwHhACJv9D=qR1k9Kj2Z+n3OSGo6o05o+9XjaK22g@mail.gmail.com>

+1
 On Sep 27, 2014 8:24 AM, "Anne van Kesteren" <annevk@annevk.nl> wrote:

> Given http://tools.ietf.org/html/rfc7258 I think we should reconsider
> whether to expose geolocation to unauthenticated origins. I don't
> think this was duly considered at the time the API was released.
>
> Furthermore, I think that if we agree this is a problem, we could
> create a plan for phasing out support where no TLS is involved.
>
> 1) Start warning for usage right away.
> 2) Have developer evangelists spread the date when it will be disabled
> (end of 2015?).
> 3) Disable it.
>
>
> --
> https://annevankesteren.nl/
>
>

Received on Saturday, 27 September 2014 08:19:11 UTC