"unsafely-treat-insecure-origin-as-secure" flag is not working on Chrome

I am using geo-location for a site running locally on my machine using HTTP on Chrome. However this does not work as I am running on HTTP as opposed to HTTPS.

On the console it says:

getCurrentPosition() and watchPosition() no longer work on insecure origins.
To use this feature, you should consider switching your application to a 
secure origin, such as HTTPS. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins 
for more details.

Accoriding to Deprecating Powerful Features on Insecure Origins its says to start chrome using --unsafely-treat-insecure-origin-as-secure="http://example.com" flag. The command I ran was similar to:

chrome.exe --unsafely-treat-insecure-origin-as-secure="http://hello.app"

However, the same error message still appears.

How can I fix this issue.


Solution 1:

None of the solutions worked for me.

I achieved this by following steps.

  1. Type chrome://flags/#unsafely-treat-insecure-origin-as-secure in the address bar.
  2. Add the origin which you need to treat as secure as shown in the below image.

enter image description here

  1. Relaunch chrome.

Solution 2:

You must have missed some steps. Try to follow this

  1. Go to File Explorer then paste this to address bar >> C:\Program Files (x86)\Google\Chrome\Application (or just go to where you can find your chrome.exe)
  2. Right click chrome.exe > send to > Desktop (Create Shortcut)
  3. Go to your desktop then find the chrome shortcut you've created.
  4. Rename it to ChromeForTesting (this step is optional)
  5. Right click the shortcut, then Click Properties
  6. At the "Target", paste the following at the end of the link

    --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com

so Target should look somewhat similar to this

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=/tmp/foo --unsafely-treat-insecure-origin-as-secure=http://example.com
  1. Click Ok..
  2. During testing close all of your opened google chrome browser. Then double click ChromeForTesting shortcut (the one you've created), when a prompt appears, just click ok..

EDIT: If the steps above does not work for you, you might be using Chrome V63, update it to V64 above cause this flag is messed up in V63.

P.S. If it's still not working follow these extra steps

  1. At your drive C, create a folder and name it "ChromeTempFiles".
  2. Then in your --user-data-dir= you change the value into "C:\ChromeTempFiles"
  3. Add these to your target as well

    --allow-running-insecure-content --reduce-security-for-testing

so your target should look like this now

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\ChromeTempFiles --unsafely-treat-insecure-origin-as-secure=http://example.com --allow-running-insecure-content --reduce-security-for-testing

Solution 3:

You should also use a temproary fresh profile for that session. something like this:

chrome.exe --user-data-dir=/test/only/profile/dir --unsafely-treat-insecure-origin-as-secure="http://example.com"