Deprecate Web MIDI use on insecure origins.
Web MIDI use is classified into two groups, one is non-privilege use, and the other is privilege use with sysex permission.
Until today, only the latter use prompts users for permission, based on the early day's spec. But to reduce security concerns,
we will change this behavior to prompt permission always regardless of sysex use.
The current spec allows user-agents to implement user-agent-specific permission handling at the step 7 below.
For Chrome, asking permissions means it deprecates Web MIDI use on insecure origins as powerful features policy explains below.
This is the reason to send this intent-to-deprecate mail.
Interoperability and Compatibility Risk
Today, there are many production sites that use Web MIDI, but such company managed sites are hosted on https.
So this basically affects only personal or hobby uses. Also today there are many options to host personal sites over secure origins for free.
Also major utilities such as sound librarians require sysex permissions, and are already hosted over https.
Thus, this change should not introduce a critical limit for Web MIDI use and adaption.
Firefox is implementing Web MIDI
(tracking bug says firefox66 affected), and as far as I know, they ask the permission always.
Entry on the feature dashboard
Requesting approval to remove too?
Will start showing console message to deprecate this in M74, and want to get an approval to remove this if everything go well.
Software Engineer, Google