Exposing geolocation on unauthenticated origins was a mistake. Copying that for getUserMedia() is too. I suggest that to protect our users we make some noise about deprecating this practice. And that in that message we convey we plan to disable both on unauthenticated origins once 2015 is over.
More immediately we should make it impossible to make persistent grants for these features on unauthenticated origins. I can reach out to Google (and Apple & Microsoft I suppose, though I haven't seen much from them on the pro-TLS front) to see if they would be on board with this and help us spread the message. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1072859 for geolocation. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
