Richard Barnes در تاریخ جمعه ۲۱ اکتبر ۲۰۱۶ ساعت ۲۳:۲۰:۰۰ (UTC+3:30) نوشت:
> The geolocation API allows web pages to request the user's geolocation,
> drawing from things like GPS on mobile, and doing WiFi / IP based
> geolocation on desktop.
>
> Due to the privacy risks associated with this functionality, I would like
> to propose that we restrict this functionality to secure contexts [1].
>
> Our telemetry for geolocation is a little rough, but we can derive some
> upper bounds. According to telemetry from Firefox 49, the geolocation
> permissions prompt has been shown around 4.6M times [2], on about 3B page
> loads [3]. Around 21% of these requests were (1) from "http:" origins, and
> (2) granted by the user. So the average rate of permissions being granted
> to non-secure origins per pageload is 4.6M * 21% / 3B = 0.0319%.
>
> Access to geolocation from non-secure contexts is already disabled in
> Chrome [4] and WebKit [5].
>
> Please send any comments on this proposal by Friday, October 28.
>
> Relevant bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1072859
>
> [1] https://www.w3.org/TR/secure-contexts/
> [2] https://mzl.la/2eeoWm9
> [3] https://mzl.la/2eoiIAw
> [4] https://codereview.chromium.org/1530403002/
> [5] https://trac.webkit.org/changeset/200686
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
