Let us consider this javascript code:
if (navigator.geolocation){
navigator.geolocation.getCurrentPosition(function(position) {
document.getElementById('id111').innerHTML="latitude: " + position.coords.latitude + "<br>longitude: " + position.coords.longitude;
});
}
It first checks if the navigator.geolocation object is available, and if so,
and write the user’s coordinates in the HTML element with the id equal to id111.
And in order to do that, the website that contains this code will ask the user for permission to access his own location.
The question is, why the user’s permission is needed here, whereas the code is client-side so the website will not actually access the user’s location but it is just printed on the user browser?
Advertisement
Answer
The question is, why the user’s permission is needed here
Because you’re asking for private information. Some users may not want you to know their physical location, and may choose not to share it. The browser geolocation API standards enforce this.
the website will not actually access the user’s location
Sure it will. That’s exactly what it’s asking for permission to do. Even though your code is running in the user’s browser, it’s still your code and the user can choose what your code is or is not allowed to access on their computer/device.
but it is just printed on the user browser
The browser doesn’t know or care if that’s the case. The browser isn’t concerned with what you do with the user’s private information, only that you get the user’s permission before accessing that private information. You can display it on the screen, send it to the server, etc. But first you need the user’s permission.