HTML5 location API doesn't work in VM due to lack of HTTPS?

Question

I'm developing in a Vagrant VM "local-ish" server and testing via Chromium on the host machine.

In my scripts I'm using HTML5's location API to send data to my VM server. When I run my app using Chromium it works as intended, even though it warns me about this:

getCurrentPosition() and watchPosition() are deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins for more details.

Although, when I tested with Chrome (DEV) for Android, my code hangs when calling navigator.geolocation.getCurrentPosition(callback).

The same warning pops up when I inspect my device with Chromium's remote debugging feature.

So I have 2 questions:

1. Is there anyway I can "fake" https on my VM?
2. If not, how can I circumvent this so that I can test my app in Android?

Answer 1

So, after reading about this for a while, I figured out a way to get around my problem. I +1's @Tom's answer because it makes sense in other scenarios, but not specifically in my case, because I don't own a domain and my app isn't going into production, it's just for learning purposes.

I basically followed a Digital Ocean tutorial on own to create a self-signed certificate, but instead of using it directly with Nginx, I used it with npm's https module, similar to what I found in this SO question.

This way, the server I'm running on my vagrant VM is attending HTTPS requests and Chromium doesn't bug me about the warning above, nor does it prevent location data going to my VM server, which is what I was trying to achieve.

Answer 2

Why fake it? Just generate a certificate with Let's Encrypt for a domain you own. That way you will be testing a real configuration.