Deprecate and remove the Battery Status API on insecure origins, such as HTTP pages or HTTPS iframes embedded in HTTP pages.
The Battery Status API allows web developers to have access to, among other things, a system's battery charging level and whether it is being charged. It is a powerful feature that has been around for over a decade and, as such, was originally designed with different security constraints. https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins mentions how powerful features should not be exposed on insecure origins. We would like to add the [SecureContext] attribute to the spec's Web IDL so that navigator.getBattery() and the BatteryManager interface are only available in secure contexts. This has also been discussed in W3C at the Devices and Sensors WG April 2021 meeting, where we agreed to fix https://github.com/w3c/battery/issues/15 by adjusting the Blink implementation.