Use "navigator.permissions" to detect geolocation support #3571
Conversation
Yep! This will allow us to consistently disable geolocation if it's not supported, no matter at what time the geolocation control is added. |
tmcw
force-pushed
the
detect-insecurity
branch
from
6e5ee70 to
d1197fe
Compare
Due to new [security restrictions](https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins), the presence of `navigator.geolocation` is no longer a complete indication of geolocation support: the `navigator.permissions` API allows one to query for access to the API. This PR moves geolocation support checking to the GeolocationControl in order to support this asynchronous API.
tmcw
force-pushed
the
detect-insecurity
branch
from
b4a8ef1 to
305403f
Compare
| callback(); | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
I think it would be slightly cleaner to call the callback in any outcome, and move responsibility for checking supportsGeolocation value to _setupUI:
function checkGeolocationSupport(callback) {
if (supportsGeolocation !== undefined) {
callback();
} else if (window.navigator.permissions !== undefined) {
window.navigator.permissions.query({name: 'geolocation'}).then((p) => {
supportsGeolocation = p.state !== 'denied';
callback();
});
} else {
supportsGeolocation = !!window.navigator.geolocation;
callback();
}
}There was a problem hiding this comment.
Already tried both variations, but I'm flexible. I'll switch it to the suggested style.
| * browsers including Chrome requires sites to be served over HTTPS. If | ||
| * geolocation support is not available, the GeolocateControl will not | ||
| * be visible. | ||
| * |
There was a problem hiding this comment.
BTW, should we limit the line width to 70 chars in comments like this? IMHO increasing the limit would help readability.
There was a problem hiding this comment.
Not sure how you're set up, but in vim-land I never use wrapping so cutting lines like this is more readable.
There was a problem hiding this comment.
I don't use wrapping too, it just that 70 seems too short, given that we use up to 120 for the code.
lucaswoj
changed the title
Due to new security restrictions, the presence of
navigator.geolocationis no longer a complete indication of geolocation support: thenavigator.permissionsAPI allows one to query for access to the API. This PR moves geolocation support checking to the GeolocationControl in order to support this asynchronous API.Testing plan:
npm run start-debugImplementation notes:
Since the permissions API is async and is not instant, this approach caches the result. I have not found any cases where the result will change.
Launch Checklist
Fixes #3568 -
waiting on #3497 because this needs to move the geolocation detection into the geocodercontrol itself.Actionable - workingonit.