Require authenticated origin for geolocation

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 27 Sep 2014 09:22:51 +0200
Message-ID: <CADnb78iKZsjaEqpe8A3rxOmRgjc4Ldogw+7z5S4udpvyubY7iw@mail.gmail.com>
To: public-geolocation <public-geolocation@w3.org>
Cc: Ryan Sleevi <sleevi@google.com>, Chris Palmer <palmer@google.com>

Given http://tools.ietf.org/html/rfc7258 I think we should reconsider
whether to expose geolocation to unauthenticated origins. I don't
think this was duly considered at the time the API was released.

Furthermore, I think that if we agree this is a problem, we could
create a plan for phasing out support where no TLS is involved.

1) Start warning for usage right away.
2) Have developer evangelists spread the date when it will be disabled
(end of 2015?).
3) Disable it.

Received on Saturday, 27 September 2014 07:23:19 UTC