Fix geolocation removal from insecure contexts console message

The console message when the geolocation API is used in insecure
messages ambiguously says it is deprecated when, in fact, it has been
removed at this point. This updates the message to match getUserMedia()
and say it is removed.

BUG=605938
[email protected]

Review-Url: https://codereview.chromium.org/1942003002
Cr-Commit-Position: refs/heads/master@{#392126}

third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt

@@ -1,7 +1,7 @@
 CONSOLE WARNING: Use of the Application Cache is deprecated on insecure origins. Support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: The devicemotion event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: getCurrentPosition() and watchPosition() no longer work on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: requestMediaKeySystemAccess() is deprecated on insecure origins in the specification. Support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 This is a testharness.js-based test.

third_party/WebKit/Source/core/frame/Deprecation.cpp

@@ -292,10 +292,10 @@ String Deprecation::deprecationMessage(UseCounter::Feature feature)
 
     case UseCounter::GeolocationInsecureOrigin:
     case UseCounter::GeolocationInsecureOriginIframe:
-        // TODO(jww): This message should be made less ambigous after WebView
-        // is fixed so geolocation can be removed there. After that, this
-        // should be updated to read similarly to GetUserMediaInsecureOrigin's
-        // message.
+        return "getCurrentPosition() and watchPosition() no longer work on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
+
+    case UseCounter::GeolocationInsecureOriginDeprecatedNotRemoved:
+    case UseCounter::GeolocationInsecureOriginIframeDeprecatedNotRemoved:
         return "getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
 
     case UseCounter::GetUserMediaInsecureOrigin:

third_party/WebKit/Source/core/frame/UseCounter.h

@@ -1158,6 +1158,8 @@ class CORE_EXPORT UseCounter {
         URLMethodRevokeObjectURLServiceWorker = 1340,
         DocumentCreateEventPaymentRequestUpdateEvent = 1341,
         CredentialManagerGetReturnedCredential = 1342,
+        GeolocationInsecureOriginDeprecatedNotRemoved = 1343,
+        GeolocationInsecureOriginIframeDeprecatedNotRemoved = 1344,
 
         // Add new features immediately above this line. Don't change assigned
         // numbers of any item, and don't reuse removed slots.

third_party/WebKit/Source/modules/geolocation/Geolocation.cpp

@@ -155,6 +155,14 @@ void Geolocation::recordOriginTypeAccess() const
     if (document->isSecureContext(insecureOriginMsg)) {
         UseCounter::count(document, UseCounter::GeolocationSecureOrigin);
         UseCounter::countCrossOriginIframe(*document, UseCounter::GeolocationSecureOriginIframe);
+    } else if (frame()->settings()->allowGeolocationOnInsecureOrigins()) {
+        // TODO(jww): This should be removed after WebView is fixed so that it
+        // disallows geolocation in insecure contexts.
+        //
+        // See https://crbug.com/603574.
+        Deprecation::countDeprecation(document, UseCounter::GeolocationInsecureOriginDeprecatedNotRemoved);
+        Deprecation::countDeprecationCrossOriginIframe(*document, UseCounter::GeolocationInsecureOriginIframeDeprecatedNotRemoved);
+        OriginsUsingFeatures::countAnyWorld(*document, OriginsUsingFeatures::Feature::GeolocationInsecureOrigin);
     } else {
         Deprecation::countDeprecation(document, UseCounter::GeolocationInsecureOrigin);
         Deprecation::countDeprecationCrossOriginIframe(*document, UseCounter::GeolocationInsecureOriginIframe);

tools/metrics/histograms/histograms.xml

@@ -72277,6 +72277,9 @@ http://cs/file:chrome/histograms.xml - but prefer this file for new entries.
   <int value="1340" label="URLMethodRevokeObjectURLServiceWorker"/>
   <int value="1341" label="DocumentCreateEventPaymentRequestUpdateEvent"/>
   <int value="1342" label="CredentialManagerGetReturnedCredential"/>
+  <int value="1343" label="GeolocationInsecureOriginDeprecatedNotRemoved"/>
+  <int value="1344"
+      label="GeolocationInsecureOriginIframeDeprecatedNotRemoved"/>
 </enum>
 
 <enum name="FetchRequestMode" type="int">