File spec bug for: error code on watchPosition geolocation API error, on insecure origin
Reported by
viktor.j...@gotinder.com,
Mar 16 2017
|
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Steps to reproduce the problem: 1. Try to use the geolocation.watchPosition function on an insecure http origin 2. function fails, and in the return handler returns an object with the error code 1 What is the expected behavior? The error code should be 2. Or at least, it is 2 in Safari. And from the mdn description, it makes more sense for it to be 2. https://developer.mozilla.org/en-US/docs/Web/API/PositionError What went wrong? If the error code is 1, short of parsing the message, it's not possible to distinguish a denial (user caused) from this being a problem of insecure origin. Did this work before? N/A Does this work in other browsers? Yes Chrome version: 56.0.2924.87 Channel: stable OS Version: OS X 10.12.2 Flash Version:
,
Mar 17 2017
Reporter@ - Thanks for filing the issue...!! Could you please provide a sample URL(insecure http origin) or consistent manual repro steps to test this issue. This will help us in triaging the issue further. Thanks...!!
,
Mar 19 2017
Somehow my comments are getting auto deleted...
,
Mar 19 2017
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 19 2017
Please use the URL in the images. I tried putting it in a comment, but they are all getting auto deleted.
,
Mar 20 2017
For context, iOS 10 and Safari 10 on desktop have restricted geolocation to secure contexts (see https://trac.webkit.org/changeset/200686). The error codes in question are: error code 1: the page doesn't have permission to access geolocation error code 2: unspecified internal error Strictly speaking, I think error code 1 is correct, and a conscious decision was made when geolocation was restricted to secure origins that trying to access it from HTTP would be treated exactly like the user denying permission. Semantically, error code 1 is correct, because HTTP pages are not allowed to access location. +other permissions folks for their thoughts. Perhaps someone should follow up with WebKit to see what their reasoning is for using error code 2, but I lean towards keeping error code 1 here (and asking if WebKit wants to move to 1 as well).
,
Mar 20 2017
I agree with #10. To the OP - is this causing any practical problems i.e. making it hard to do something in particular? Also, we'll try and find out what's happening with the comments being auto-deleted. Was it just comments containing URLs?
,
Mar 29 2017
I don't really like choosing between two bad error codes. I think we should be using "SecurityError" if one existed on PositionError.
,
Apr 5 2017
Should we mark this as WontFix given analysis in #10, or is someone (dougt or jyasskin) still looking into this?
,
Apr 7 2017
The right thing to do is figure out a way to update the specification and return a better error code that accurately reflect the failure type. jyasskin, what do you think?
,
Apr 7 2017
I want to standardize with Safari and update the spec to describe what happens here, but I don't think we should add a new error code that existing uses of geolocation aren't expecting. We're talking about how to update abandoned specs in the standards-team meeting next Thursday.
,
Apr 12 2017
Next step: Find a place to create a specification issue to address this unspecified behavior.
,
Apr 12 2017
The Spec says [1]: > PERMISSION_DENIED (numeric value 1) > The location acquisition process failed because the document does not have permission to use the Geolocation API. > POSITION_UNAVAILABLE (numeric value 2) > The position of the device could not be determined. For instance, one or more of the location providers used > in the location acquisition process reported an internal error that caused the process to fail entirely. So, to me Cr response is the correct one. I filed an issue [2] on the Spec to make this more evident (that PERMISSION_DENIED is expected when trying to access Geolocation from an insecure origin), but otherwise this sounds like an interop issue. Is there an external/wpt test for this? [1] http://w3c.github.io/geolocation-api/spec-source.html#position_error_interface [2] https://github.com/w3c/geolocation-api/issues/12
,
Sep 22 2017
,
Sep 22 2017
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by viktor.j...@gotinder.com
, Mar 16 2017