Applications with permission for location claim they don't

Non-browser based app is absolutely fine (Réaltai)

Tried the metvoffice example in Firefox.. Had to grant 'always' permission in the dialogue, but then it worked.. Going back to the app permissions for location I could not find Firefox listed.

Reassigning to webbrowser-app for investigation.

This message, from the browser log, is relevant:

qml: [JS] (:0) getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.

This is enforced by chromium: websites and webapps that want to access the device’s location will need to do so over HTTPS.

Invalid, you say.
Well, the UK Met office is a government body outside my control, and the bundled web app for it in the Ubuntu store certainly is. I suppose that will have to be removed.

I have passed your comments on to the UK met office via their technical fault form on the web site.

Anyway, I don't see how this can be an invalid bug. Why did I not get an appropriate dialogue on the tablet explainging what was wrong? why did I have to come to Launchpad for an explanation (lucid and sensible though it be)?

Surely if Ubuntu's implimentation of the browser is enforcing this security issue, it is incumbent upon Ubuntu to say so when it does?

So the bug has become "No dialogue explaining security enforcement for non-secure urls asking for location".

I understand this is not great UX, from a user perspective some sites used to work and they don’t anymore. There is not much we can do about it though: the web engine the browser app uses is based on chromium, and chromium is intentionally denying geolocation requests on insecure origins starting with version 50. See https://bugs.chromium.org/p/chromium/issues/detail?id=561641 for a detailed discussion.

I verified that chromium on desktop and chrome on android behave exactly the same: they deny the geolocation request.
Firefox currently accepts them, but I read somewhere that they are considering deprecating the feature in the same manner, so it’s only a matter of time before the feature stops working there too.

Note that before blocking the feature, it had been marked deprecated long in advance, and web developers would get a message in the javascript console warning that the feature would eventually be blocked. metoffice.gov.uk and streetmap.co.uk have ignored that warning, and that results in bad UX. This is unfortunate, but again there is not much we can do about it (nothing really), as we’re not getting a signal from chromium that a request has been denied because it originated from an insecure origin.

Thanks for forwarding the info to the UK met office, I’m sure they’ll consider addressing it asap.

Thanks, at least, for the thoughtful reply.

Response today from the UK met office:
========================================
Hi Robert,

Thanks for your feedback and investigation into our use of http over https. We are aware of a requirement to move over to https. There would be many systems which might be impacted during a change to https so naturally this may take a long time to implement.

Thanks

Henry Ford

Internet Applications

One would expect they would have seen it coming, but at least all hope is not lost, it will eventually work again…