SSJGSS SSJGSS - 3 months ago 20x
Javascript Question

Http sites does not detect the location in Chrome - issue

We did notice today an issue in automatic detection of zip code based on the user s location. it worked well in other browsers(edge, IE, Firefox)
We had to configure the sites to https and then it works ok

Example : works well
where as does'nt work.

<script type="text/javascript" src=""></script>
<%-- <script type="text/javascript" src=""></script>--%>

<%-- <script type="text/javascript" src=""></script>
<script type="text/javascript" src=""></script>--%>
<script type="text/javascript">

function ShowMessages() {

if (navigator.geolocation) {
} else {
alert("Geo Location is not supported on your current browser!");
function success(position) {
var lat = position.coords.latitude;
var lng = position.coords.longitude;
var latlng = new google.maps.LatLng(lat, lng);
var geocoder = geocoder = new google.maps.Geocoder();
geocoder.geocode({ 'latLng': latlng }, function (results, status) {
if (status == google.maps.GeocoderStatus.OK) {
if (results[1]) {

var searchAddressComponents = results[0].address_components,
searchPostalCode = "";
$.each(searchAddressComponents, function () {
if (this.types[0] == "postal_code") {
searchPostalCode = this.short_name;

document.getElementById('hidden1').value = searchPostalCode
__doPostBack('', '');



Any help/workaround would be appreciated.

EDIT: Other than Google API, are there any other working alternatives?

Zed Zed

Deprecating Powerful Features on Insecure Origins

Chrome Security originally sent this out to various browser development mailing lists. See the original intent-to-deprecate email on blink-dev. This is based on the original idea to prefer secure origins for powerful new features.


We want to start applying the concepts in features that have already shipped and which do not meet the (new, not present at the time) requirements. In particular, this approximately requires that powerful features only be accessible on "secure origins" (such as HTTPS) where the full ancestor chain is also secure.

They have set to start by requiring secure origins for these existing features:

Geolocation — requires secure origins as of M50 Device motion / orientation EME getUserMedia AppCache

As with gradually marking HTTP as non-secure, we expect to gradually migrate these features to secure-only, based on thresholds of usage, starting with lowest usage and moving towards higher. We also expect to gradually indicate in the UX that the features are deprecated for non-secure origins.

The deprecation strategy for each of these features is not decided on and may very well differ from feature to feature. We don’t currently know what the thresholds will be, or how heavily used the features are on what kinds of origins. We are in the process of gathering data, and will report back when we have it. There are no firm plans at all at this time, other than eventual deprecation. We intend for this to stimulate a public discussion of the best way to approach this deprecation.

Testing a Deprecated Powerful Feature

After a feature has been deprecated, if you are a developer that needs to keep testing a feature on a server that does not have a valid certificate, you have two options:

localhost is treated as a secure origin over HTTP, so if you're able to run your server from localhost, you should be able to test the feature on that server. You can run chrome with the --unsafely-treat-insecure-origin-as-secure="" flag (replacing "" with the origin you actually want to test), which will treat that origin as secure for this session. Note that you also need to include the --user-data-dir=/test/only/profile/dir to create a fresh testing profile for the flag to work.