It asked my for the permission earlier. I thought I'd granted it already and I didn't notice the sneaky domain switch, I've now revoked it.
I wish browsers had a more granular way to grant this and other permissions. E.g. Firefox just has allow/deny, and then "remember".
Granting it only if the user clicks the "show my location" UI element on the web page would be a closer match to user expectations, and would preclude pages from getting the permission in the background.
Of course that would introduce extra complexity, e.g. worrying about web pages sneakily making normal looking links the "get location" UX element.
There's probably no secure way to do it except for the webpage to communicate that it's a page that might want your location, and for the browser to show the "send my location" UX element itself (e.g. in the toolbar).
I wish browsers had a more granular way to grant this and other permissions. E.g. Firefox just has allow/deny, and then "remember".
Granting it only if the user clicks the "show my location" UI element on the web page would be a closer match to user expectations, and would preclude pages from getting the permission in the background.
Of course that would introduce extra complexity, e.g. worrying about web pages sneakily making normal looking links the "get location" UX element.
There's probably no secure way to do it except for the webpage to communicate that it's a page that might want your location, and for the browser to show the "send my location" UX element itself (e.g. in the toolbar).