The spec is actually pretty quiet as to whether the callback should be executed if the user simply rejects the permission request (as opposed to clicking the Reject button):
For getCurrentPosition and watchPosition implementation should never call successCallback without first obtaining permission from the user to exchange the location. In addition, an implementation must always obtain user permission to share a location before performing any getCurrentPosition or watchPosition steps described above. If the user grants permission, you must call the appropriate callback, as described above. If the user denies permission, errorCallback (if any) must be called with the PERMISSION_DENIED code , regardless of any other errors encountered in the above steps. The time taken to obtain user permission should not be included in the period covered by the timeout attribute of the PositionOptions parameter. The timeout attribute should only apply to a location operation.
I would say that rejecting a permission request is equivalent to rejecting the request in terms of getCurrentPosition . Clicking Deny is explicit, while dismissal (clicking on X) is implicit.
Functionally, the difference is that clicking the Deny button means (1) rejecting the current request and (2) the site is blacklisted and the user will never be asked to exchange the location for the site again; just rejecting the request means only that the current request is rejected - ndash; future requests (in the future BROWSINGCONTEXT, after reloading the page, a request appears again.
In my opinion, the current behavior of Chrome, Firefox and IE is a mistake - all three do nothing if the user rejects the permission request by clicking X. When calling the geolocation errorCallback , errorCallback should be called, because any further getCurrentLocation calls in the current BROWSINGCONTEXT will silently fail. (Opera 11.52 behaves "correctly" because its permission request user interface has only Allow / Deny buttons, not X.)
Mozilla has a bug where they say that the current behavior is correct and a new bug open an error that is relevant; Chromuim also says the current behavior is correct. IE has an error (registration is required), but, oddly enough, Microsoft closed it as unplayable.
This is really what the W3C working group should address. The page should be able to respond to the user by rejecting the placement permission request - whether it is permanently refused or simply rejected for this session by pressing the X button.
The only thing you can do right now to solve this problem is to set your own timeout. Set the timeout in the geolocation request, and then set the response timeout to a longer time (so that the user time will respond to the request):
if (navigator.geolocation) { var etimeout = setTimout(onError, 10000); navigator.geolocation.getCurrentPosition(onSuccess, onError, {timeout:5000}); } function onSuccess(pos) { clearTimeout(etimeout);