search

DrPaulBrewer / meteor-satchat

Meteor chat room app for ham radio satellite enthusiasts
MIT License
2 stars 2 forks source link

client QTH tab: automatic geolocation doesn't work (manual still OK) #6

Closed DrPaulBrewer closed 2 months ago

DrPaulBrewer commented 2 months ago

On the QTH tab of a signed-in web client, clicking "Use web geolocation" currently does not return a location.

Possible causes:

  1. It is likely that the upstream browser geolocation API now requires SSL. If the server is running a legacy HTTP-only connection, the browser wlll refuse to provide an automated location for security reasons. If so, best practice would be to run a secure HTTPS server with a proper key and not merely HTTP.
  2. The code should be checked to see what the button actually calls (if anything) and if any browser errors are generated. I recall from ~10 years ago, some users were unhappy with web-based geolocation. Issues were privacy (users wanted to provide a location accurate enough for satellite tracking but not accurate enough for doxxing) and proxies (false locations). This is why manual entry was also an option.
  3. Manual grid square entry works; satellite tracks have been compared with AMSAT's web tool and seem ok.
DrPaulBrewer commented 2 months ago

SSL is required for geolocation to work.

Ideally, the http/https endpoint would be detected on the client and the button shown or hidden.

Here is where the 'use web geolocation' click is handled:

https://github.com/DrPaulBrewer/meteor-satchat/blob/717650d5ac7d97125429a49efc7302febef711f2/client/app.js#L325-L335

In Using the Geolocation API, MDN note:

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

There are no errors in the browser console associated with SSL being off. Experimentation injecting code into the browser console at an http vs https site shows that geolocation function will exist but do nothing under http, and will create a consent popup and behave correctly under https.

DrPaulBrewer commented 2 months ago

Check location.protocol === 'https:' to see if the client is connected via https.

(see also https://stackoverflow.com/questions/4723213/detect-http-or-https-then-force-https-in-javascript )

Note: Creation of conditional HTML in the meteor html file with #if requires defining a template helper in the javascript.

You can't test location.protocol directly in the HTML

(See also https://forums.meteor.com/t/template-if-condition/25517 )