New Chrome security policy: powerful features will be removed on insecure origins
CommentsGoogle recently announced a security policy change that will impact future versions of the Chrome browser. Chrome is already warning that support to powerful features on insecure origins (HTTP) is deprecated, and according to recent announcements the removal will take place soon.
The initial features that will be removed on insecure origins will be:
- Geolocation (
getCurrentPosition()andwatchPosition()) - Fullscreen
- Device motion / orientation
- Encrypted Media Extensions (EME)
getUserMedia()
If your web site or app is currently using any powerful feature above, please immediately consider switching all your traffic to HTTPS only.
Links
- Proposal: Deprecating Powerful Features on Insecure Origins
- Issue: Deprecation and removal of powerful features on insecure origins
- The impact of Google’s new Chrome security policy on WebRTC
You may also be interested in ...
- Chrome 54 introduces BroadcastChannel API and Spreaker is already using it
- Chrome changes "HTTPS with mixed content" icon and add Security tab to DevTools
- Who are we developing for?
- Copy the text selection to Clipboard, using Javascript
- Chrome Android 44+ introduces a new "related apps" banner
Upcoming conferences
I will join the following conferences. Reach me out on Twitter if you
wanna meet:
| Incontro DevOps 2020 |
Virtual
|
22 October 2020 |
|---|