71

I am using geo-location for a site running locally on my machine using HTTP on Chrome. However this does not work as I am running on HTTP as opposed to HTTPS.

On the console it says:

getCurrentPosition() and watchPosition() no longer work on insecure origins.
To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins/ for more details.

According to Deprecating Powerful Features on Insecure Origins its says to start chrome using --unsafely-treat-insecure-origin-as-secure="http://example.com" flag. The command I ran was similar to:

chrome.exe --unsafely-treat-insecure-origin-as-secure="http://hello.app"

However, the same error message still appears.

How can I fix this issue?

Improve this question
3
  • 2
    Version 64.0.3282.167 (Official Build) (64-bit), is my version of chrome and I am having the same problem. Commented Apr 3, 2018 at 5:37
  • 2
    Make sure to specify the port, if needed. That's what bit me. Commented Apr 17, 2018 at 22:36
  • 2
    I know this is an old question. But still, I thought let's share how it worked for me. While doing some testing I needed to treat HTTP as secure and stumbled upon this question. I tested on chromium v74.0.3729.0 This worked for me with a catch. After enabling the flag, relaunch the browser. Then in the input field, write your HTTP link. The browser will again ask to relaunch but don't. Open a new tab and go to your link and it is secure now. Commented Jul 12, 2021 at 13:49

8 Answers 8

Reset to default
183

None of the solutions worked for me.

I achieved this by following steps.

  1. Type chrome://flags/#unsafely-treat-insecure-origin-as-secure in the address bar.
  2. Add the origin which you need to treat as secure as shown in the below image.

enter image description here

  1. Relaunch chrome.
Improve this answer
Sign up to request clarification or add additional context in comments.

15 Comments

This worked for me, though I had to add the specific port, in my case. Also, I have to set it every time and Chrome still complains that it's an "unsupported" flag
This works on the browser on mac but when I click restart in chrome on android it never remembers the whitelisted url
How to save the values? If i click on the link the relaunch button shows up but after relaunch the entered values are missing.
@HonsaStunna did you select 'Enabled'?
@Vincent Apparently you need device root to set this flag on Android devices. Google recommends setting up port forwarding instead.
|
8

You must have missed some steps. Try to follow this

  1. Go to File Explorer then paste this to address bar >> C:\Program Files (x86)\Google\Chrome\Application (or just go to where you can find your chrome.exe)
  2. Right click chrome.exe > send to > Desktop (Create Shortcut)
  3. Go to your desktop then find the chrome shortcut you've created.
  4. Rename it to ChromeForTesting (this step is optional)
  5. Right click the shortcut, then Click Properties

  6. At the "Target", paste the following at the end of the link

    --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com

so Target should look somewhat similar to this

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com
  1. Click Ok..
  2. During testing close all of your opened google chrome browser. Then double click ChromeForTesting shortcut (the one you've created), when a prompt appears, just click ok..

EDIT: If the steps above does not work for you, you might be using Chrome V63, update it to V64 above cause this flag is messed up in V63.

P.S. If it's still not working follow these extra steps

  1. At your drive C, create a folder and name it "ChromeTempFiles".
  2. Then in your --user-data-dir= you change the value into "C:\ChromeTempFiles"

  3. Add these to your target as well

    --allow-running-insecure-content --reduce-security-for-testing

so your target should look like this now

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --unsafely-treat-insecure-origin-as-secure=http://example.com --allow-running-insecure-content --reduce-security-for-testing
Improve this answer

6 Comments

Did not work for me, " --unsafely-treat-insecure-origin-as-secure" seem not anymore recognised by Chrome.
@trinity420 now that you mentioned it, I just noticed that it also stopped working on mine. But I found the solution. I updated my answer, it should work for you now.
Note: The unsafely-treat-insecure-origin-as-secure flag was broken in Chrome 63, and works again in 64+. --reduce-security-for-testing no longer does anything at all, and the --user-data-dir flag is no longer needed.
Well. It's not working. As simple as that. I tried all suggestions, read everything about it, with or without user dir, with or without port, the flag is NOT in the "chrome://flags/" page. I am all for security, but this is bordering on the ridiculous. Edited to add version: Chromium Version 67.0.3396.87 (Developer Build) built on Debian 9.4, running on Debian 9.3 (64-bit) Just my two cents.
As of Chrome 71, @kartik-sharma's answer below worked for me, with the one caveat being you have to set it every time and it still complains that it's an "unsupported" flag. stackoverflow.com/a/53388534/241244
|
2

You should also use a temproary fresh profile for that session. something like this:

chrome.exe --user-data-dir=/test/only/profile/dir --unsafely-treat-insecure-origin-as-secure="http://example.com"
Improve this answer

1 Comment

This was necessary prior to Chrome 62. It's no longer needed.
2

Just an update to this for Chrome 70. This works perfectly

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --allow-running-insecure-content

Now does anybody know if there is an equivalent for firefox?

Improve this answer

Comments

1

For Chromium 44 use

--unsafety-treat-insecure-origin-as-secure=http://192.168.0.101:3000

instead

--unsafely-treat-insecure-origin-as-secure=http://192.168.0.101:3000

See that bug

Improve this answer

Comments

1

In Google Chrome, you simply type into the address bar, "chrome://flags", and search for, "--unsafely-treat-insecure-origin-as-secure", enable that flag, and enter into the field below (multiples may be entered separated by a comma) the domain you wish to treat as secure. This may or may not compromise your security, but I would assume not as getCurrentPosition() and watchPosition() are somewhat recently deprecated features. this works for publicly served domains, as well.

Improve this answer

Comments

0

On Chrome for testing v132 I used --ignore-certificate-errors, and it worked (even though the browser said unknown flag).

BUT, having said that, I suggest you use caddy web-server which automatically gives you https.

Improve this answer

Comments

-1

With Chrome 79 this setting doesn't work no matter what.

What I ended up doing was to configure the domain on a VPS to show some test webpage and then generate a valid certificate for it using Let's Encrypt's certbot.

Then I copied that certificate to my machine and it's now valid.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.