With version 50 of Chrome, the geolocation API requires websites to use a secure origin (https). See this ArcGIS Blog Post. My experience testing this out is that unless I serve the application with https, then the geolocate button in the WAB won't work in Chrome. I've changed all the references for my resources in my WAB application to use https. The only remaining "mixed content" warnings that I get from the browser are the Open Street Map images that are being requested by the Enhance Basemap gallery widget.
Example: The page at 'https://xxxx.webapbuilder' was loaded over HTTPS, but requested an insecure image 'http://c.tile.openstreetmap.org/13/1364/3122.png'. This content should also be served over HTTPS
How can I force the reference to Open Street Map in the Enhanced Basemap Gallery to use https? There is no URL to provide in the setting file, and I can't figure out how the url is set in the widget.js.