In August 2017, Mozilla will release Firefox 55. One notable change that’s expected to arrive in the update will be that insecure sites won’t be able to get your geolocation data, the information will only be sent to HTTPS and encrypted WebSocket (wss://) connections, and requests from local resources including localhost. The move represents another step in browser makers pushing sites to adopt more secure protocols.
According to Mozilla’s Telemetry data from five months ago, the change will break about 0.188% of page loads, a relatively tiny number which is set to decrease in the meantime. Of the 0.188% of insecure sites requesting location data, 57% use getCurrentPosition() requests and 2.48% use watchPosition() requests.
Users running Firefox Nightly, which is already on version 55, can enable the feature manually through the about:config menu and toggle the geo.security.allowinsecure setting to false.
Mozilla is playing catch-up with Google Chrome which disabled sending geolocation data over insecure connections about a year ago. In Google’s statement at the time, Paul Kinlan wrote, “Chrome has public intent to deprecate powerful features like geolocation on non-secure origins, and we hope that others will follow.” It seems Mozilla is following, finally.