Chrome navigator.geolocation.getCurrentPosition() error 403 - google-maps

For some reason suddenly when calling navigator.geolocation.getCurrentPosition() I get this error:
Network location provider at 'https://www.googleapis.com/' : Returned error code 403.
It used to work perfectly yesterday! Could there be anything with their servers??

It appears it is back up now. But before I realized it was working, I used another way to get location data as recommended by another user on reddit.com
var latLong;
$.getJSON("http://ipinfo.io", function(ipinfo){
console.log("Found location ["+ipinfo.loc+"] by ipinfo.io");
latLong = ipinfo.loc.split(",");
});
Source: https://www.reddit.com/r/webdev/comments/3j8ipj/anyone_else_had_issues_with_the_html5_geolocation/

This happens for me too on idoco.github.io/map-chat
I suspect that this is related the the changes google planed for Deprecating Powerful Features on Insecure Origins it seems that some changes were done in the last few days in this chromium Issue 520765: Deprecation and removal of powerful features on insecure origins
Can you test your site over https to confirm that?
In the meanwhile I found this api usage as a workaround on this repo:
$.getJSON("http://ipinfo.io", function(doc){
var latlong = doc.loc.split(",")
setUserLocation(parseFloat(latlong[0]), parseFloat(latlong[1]));
getLocation(parseFloat(latlong[0]), parseFloat(latlong[1])).then(function(res){
userLocationName = res
})
initialiseEventBus();
map.panTo(userLocation);
}, function(err) {
setUserLocation(Math.random()*50, Math.random()*60);
userLocationName = "unknown.na"
initialiseEventBus();
map.panTo(userLocation);
})

I had the same issue, you have to check your developer dashboard and make sure that your API key has no usage restrictions or warnings.

Related

How to detect SSL errors using chrome extension? [duplicate]

I'm doing simple GET request to my URL and I get the error "ERR_INSECURE_RESPONSE". THis is fine, as certificate is self-signed. But I have two questions regarding it:
Is there a way to overcome this in extension? Like setting a flag in request or sth like that? (probably not likely)
Is there a way just to handle this error (to notify user)? I've checked all XMLHttpRequest fields and cannot see anything that can indicate this error. Status field has value of 0 (zero).
Any ideas?
No, the extension API does not offer any method to modify SSL settings or behavior.
You could use the chrome.webRequest.onErrorOccurred event to get notified of network errors. The error property will contain the network error code.
For example:
chrome.webRequest.onErrorOccurred.addListener(function(details) {
if (details.error == 'net::ERR_INSECURE_RESPONSE') {
console.log('Insecure request detected', details);
}
}, {
urls: ['*://*/*'],
types: ['xmlhttprequest']
});
var x = new XMLHttpRequest;
x.open('get','https://example.com');
x.send();
If for testing only, just start Chrome with the --ignore-certificate-errors flag to allow self-signed certificates to be used. This affects all websites in the same browsing session, so I suggest to use a separate profile directory for this purpose, by appending --user-data-dir=/tmp/temporaryprofiledirectory to the command line arguments.
Another way to avoid the error in the first place is to get a valid SSL certificate. For non-commericial purposes, you can get a free SSL certificate at https://www.startssl.com.

In new chrome (44.0.2403.157) geolocations doesnt works

Its seems like in new chrome version on MacOs on Linux Mint and on Windows
geolocations doesnt works!
Its returns error:
"ERROR(2): Network location provider at 'https://www.googleapis.com/' : Returned error code 403."
Does anyone has same problem?
Must be a bug in the latest version of Chrome, also happens in the page of Google Maps API: https://developers.google.com/maps/documentation/javascript/examples/map-geolocation
Hopefully it will be fixed fast.
Edited: Try now, it works :)
Apparently this API has been forbidden access from insecure locations see here
I filed a bug ticket here: https://productforums.google.com/forum/?utm_medium=email&utm_source=footer#!msg/chrome/q7B6gjCr1ps/Y9DEXPZ-_HYJ
Feel free to comment there, star it, etc.
For future queries:
Starting with Chrome 50, Chrome no longer supports obtaining the user’s location using the HTML5 Geolocation API from pages delivered by non-secure connections. This means that the page that’s making the Geolocation API call must be served from a secure context such as HTTPS.
https://developers.google.com/web/updates/2016/04/geolocation-on-secure-contexts-only?hl=en
This will break your web apps on chrome if you're not using HTTPS.
i didn't get any solution for "Returned error code 403" but i found one solution to get current location if google api fails
if (navigator.geolocation) {
navigator.geolocation.getCurrentPosition(function (position) {
current_location_lat = position.coords.latitude;
current_location_lon = position.coords.longitude;
}, function (error) {
//if error occurred by google api
$.getJSON("http://ipinfo.io", function (ipinfo) {
var latLong = ipinfo.loc.split(",");
current_location_lat = latLong[0];
current_location_lon = latLong[1];
});
});
} else {
// Browser doesn't support Geolocation
alert("Error: Your browser doesn\'t support geolocation");
}

How to handle ERR_INSECURE_RESPONSE in Google Chrome extension

I'm doing simple GET request to my URL and I get the error "ERR_INSECURE_RESPONSE". THis is fine, as certificate is self-signed. But I have two questions regarding it:
Is there a way to overcome this in extension? Like setting a flag in request or sth like that? (probably not likely)
Is there a way just to handle this error (to notify user)? I've checked all XMLHttpRequest fields and cannot see anything that can indicate this error. Status field has value of 0 (zero).
Any ideas?
No, the extension API does not offer any method to modify SSL settings or behavior.
You could use the chrome.webRequest.onErrorOccurred event to get notified of network errors. The error property will contain the network error code.
For example:
chrome.webRequest.onErrorOccurred.addListener(function(details) {
if (details.error == 'net::ERR_INSECURE_RESPONSE') {
console.log('Insecure request detected', details);
}
}, {
urls: ['*://*/*'],
types: ['xmlhttprequest']
});
var x = new XMLHttpRequest;
x.open('get','https://example.com');
x.send();
If for testing only, just start Chrome with the --ignore-certificate-errors flag to allow self-signed certificates to be used. This affects all websites in the same browsing session, so I suggest to use a separate profile directory for this purpose, by appending --user-data-dir=/tmp/temporaryprofiledirectory to the command line arguments.
Another way to avoid the error in the first place is to get a valid SSL certificate. For non-commericial purposes, you can get a free SSL certificate at https://www.startssl.com.

SSL Validation for DOD Websites in Google Apps Script

We've recently bounced up against a bug seemingly caused by a change made to the way Google is handling SSL trust in Google Apps Script on the Google Apps for Gov service. We have a few Apps Script systems - two in particular are a server monitoring system and a webservice-based calendar synchronization tool - which communicate with servers at our end over an SSL connection. This has worked fine for months, until ~9:15 PM on 20 Sept 2012, when almost all of these (and similar) connections began to fail due to an inability to trust the DOD-signed certificates which are mandatory for us on our end of things.
Stranger still is that this is somewhat inconsistent -- that is, I can successfully ask Google to connect to https://usuportal.usuhs.mil and it loads just fine. However, if I try any of:
https://www.us.army.mil
https://www.nps.edu
https://www.disa.mil
https://learning.usuhs.edu
... they all fail. I suspect that this is to do with the root cert which some servers tie themselves back to, suffice that all tying back to the "DOD Root CA-2" certificate as a terminator are failing - a real problem for us.
For our server monitoring we've been able to temporarily work around this by disabling SSL verification in Apps Script, but that option isn't available for accessing webservices [EDIT: we are using SoapService to handle WS requests and returns], leaving us unable to continue to use those tools for as long as this problem is in place. Given the precision with which we can identify when the relevant change happened, though, I should hope Google can at least (relatively) quickly pinpoint what happened.
If it's helpful, below is a quick Google Apps Script function which will log out success / failure based on whether it's able to trust the SSL certificate at the endpoint.
function checkSSL()
{
// The server to go look at to see if we can trust it.
// Again, usuportal.usuhs.mil has been observed to work; all others tested have failed
//
var serverToTest = "https://www.disa.mil";
// options defines the options which will be used by the UrlFetchApp to define its behavior.
// In this case, we may be interested in disabling SSL validation.
//
var options =
{
"validateHttpsCertificates" : false
};
// First, try without disabling validation
//
try {
response = UrlFetchApp.fetch(serverToTest);
Logger.log("I was able to reach " + serverToTest +" without disabling certificate validation.");
}
catch (e)
{
// Logger.log(e.toString());
Logger.log("I was not able to reach " + serverToTest +" without disabling certificate validation.");
}
// Now let's try it with validation disabled
//
try {
response = UrlFetchApp.fetch(serverToTest, options);
Logger.log("I was able to reach " + serverToTest +" with certificate validation disabled.");
}
catch (e)
{
// Logger.log(e.toString());
Logger.log("I was not able to reach " + serverToTest +" with certificate validation disabled. Maybe it's really just down?");
}
}
Please log this in the Issue Tracker. I've been able to dive into this internally and this is in fact and issue we believe. Once you log it in the Issue Tracker you'll be able to follow along the progress of this issue.
We'll likely solve this by adding in a similar "validateHttpsCertificates" flag for SoapSerivce like with UrlFetchApp

HTML 5 Geo Location Prompt in Chrome

Just starting to get into HTML 5 and an testing out geo location...liking it so far. I am hitting a bit of a speed bump though...when I try to get my geo location, chrome automatically blocks the page from getting my location. This does not happen at other sites such as the site below:
http://html5demos.com/geo
The scripts I'm using:
<script type="text/javascript" JavaScript" SRC="geo.js"></script>
<script type="text/javascript" JavaScript" SRC="Utility.js"></script>
<script type="text/javascript" JavaScript" SRC="jquery.js"></script>
<script type="text/javascript" JavaScript" SRC="modernizr.js"></script>
function get_location() {
if (geo_position_js.init()) {
geo_position_js.getCurrentPosition(show_map, handle_error);
}
}
function show_map(position) {
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
alert("lat:" + latitude + " long:" + longitude);
}
function handle_error(err) {
alert(err.code);
if (err.code == 1) {
// user said no!
}
}
if (navigator.geolocation) {
navigator.geolocation.getCurrentPosition(show_map, handle_error);
} else {
error('not supported');
}
I am testing this out from a local directory on my machine, so there isn't really a "domain" like "http://whatever.com/mytestpage.html". Is this why I am not getting prompted? If so, is it possible to force the browswer to request permission to get the user's geo location and is it possible in my scenario?
There's some sort of security restriction in place in Chrome for using geolocation from a file:/// URI, though unfortunately it doesn't seem to record any errors to indicate that. It will work from a local web server. If you have python installed try opening a command prompt in the directory where your test files are and issuing the command:
python -m SimpleHTTPServer
It should start up a web server on port 8000 (might be something else, but it'll tell you in the console what port it's listening on), then browse to http://localhost:8000/mytestpage.html
If you don't have python there are equivalent modules in Ruby, or Visual Web Developer Express comes with a built in local web server.
None of the above helped me.
After a little research I found that as of M50 (April 2016) - Chrome now requires a secure origin (such as HTTPS) for Geolocation.
Deprecated Features on Insecure Origins
The host "localhost" is special b/c its "potentially secure". You may not see errors during development if you are deploying to your development machine.
As already mentioned in the answer by robertc, Chrome blocks certain functionality, like the geo location with local files. An easier alternative to setting up an own web server would be to just start Chrome with the parameter --allow-file-access-from-files. Then you can use the geo location, provided you didn't turn it off in your settings.
The easiest way is to click on the area left to the address bar and change location settings there. It allows to set location options even for file:///
Make sure it's not blocked at your settings
http://www.howtogeek.com/howto/16404/how-to-disable-the-new-geolocation-feature-in-google-chrome/
if you're hosting behind a server, and still facing issues:
try changing localhost to 127.0.0.1 e.g. http://localhost:8080/ to http://127.0.0.1:8080/
The issue I was facing was that I was serving a site using apache tomcat within an eclipse IDE (eclipse luna).
For my sanity check I was using Remy Sharp's demo:
https://github.com/remy/html5demos/blob/eae156ca2e35efbc648c381222fac20d821df494/demos/geo.html
and was getting the error after making minor tweaks to the error function despite hosting the code on the server (was only working on firefox and failing on chrome and safari):
"User denied Geolocation"
I made the following change to get more detailed error message:
function error(msg) {
var s = document.querySelector('#status');
msg = msg.message ? msg.message : msg; //add this line
s.innerHTML = typeof msg == 'string' ? msg : "failed";
s.className = 'fail';
// console.log(arguments);
}
failing on internet explorer behind virtualbox IE10 on http://10.0.2.2:8080 :
"The current location cannot be determined"
For an easy workaround, just copy the HTML file to some cloud share, such as Dropbox, and use the shared link in your browser. Easy.
I too had this problem when i was trying out Gelocation API. I then started IIS express through visual studio and then accessed the page and It worked without any issue in all browsers.
Check Google Chrome setting and permit location access
Change your default location settings.
On your computer, open Chrome.
At the top right, click More Settings.
Under "Privacy and security," click Site settings.
Click Location.
Turn Ask before accessing on or off.
After I changed those settings, Geolocation worked for me.