PSA: enumerateDevices() and getUserMedia() present only on secure origins starting in Chrome M74

gui...@webrtc.org

Mar 2, 2019, 3:30:11 AM
to discuss-webrtc
Following the latest version of the Media Capture and Streams spec, the mediaDevices attribute and the legacy getUserMedia method of the Navigator interface (including the deprecated prefixed version) are marked as SecureContext in Chrome M74. This means that enumerateDevices(), getDisplayMedia() and all variants of getUserMedia() will be visible only on secure origins.

Prior to this change getUserMedia() and getDisplayMedia() were visible on insecure origins, but they always failed and produced a deprecation message. enumerateDevices() was also visible, but it only returned opaque device IDs since permission to access complete device information has always required a secure origin.

We do not expect this change to negatively affect WebRTC-based applications using these features since they have always been useful only on secure origins in Chrome.
The only use case we expect will break is using opaque device IDs on insecure origins, possibly to track users. This is not a use case we are interested in supporting, so there is no workaround other than using secure origins.

Lorenzo Miniero

Mar 2, 2019, 5:25:20 AM
to discuss-webrtc
By insecure origins, do you mean HTTP, or HTTPS with broken/test certificates too?
Will they keep on being available when testing on localhost + plain HTTP?

Thanks,
Lorenzo

Philipp Hancke

Mar 2, 2019, 5:28:52 AM
to discuss...@googlegroups.com


Lorenzo Miniero

Mar 2, 2019, 6:04:41 AM
to discuss-webrtc
I clearly didn't, so thanks! :-D

gui...@webrtc.org

Mar 4, 2019, 6:05:29 AM
to discuss-webrtc
Note also that http://localhost is considered a secure origin by Chrome.
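
Because the PSA says the `mediaDevices` attribute itself is hidden on insecure origins from M74, a call site that dereferences it unguarded will throw instead of getting a rejected promise. The following is an added example, not code from this thread or from Chrome; the function names, the `env` parameter and the status strings are assumptions made for illustration.

```javascript
// Added example (not from the thread). `env` stands in for the page's global
// object so the logic can be exercised outside a browser; in a page, call
// captureAvailability() with no argument.
const MODERN = ['getUserMedia', 'getDisplayMedia', 'enumerateDevices'];
const LEGACY = ['getUserMedia', 'webkitGetUserMedia', 'mozGetUserMedia'];

function captureAvailability(env = globalThis) {
  const nav = env.navigator || {};
  const md = nav.mediaDevices;
  const isFn = (obj, name) => Boolean(obj) && typeof obj[name] === 'function';
  const modern = MODERN.filter((n) => isFn(md, n));   // navigator.mediaDevices.*
  const legacy = LEGACY.filter((n) => isFn(nav, n));  // navigator.* (incl. prefixed)

  let status;
  if (env.isSecureContext === false) {
    // M74 and later: nothing is exposed here. Before M74 the methods were
    // visible but getUserMedia()/getDisplayMedia() always failed and
    // enumerateDevices() returned only opaque device IDs.
    status = 'insecure-context';
  } else if (modern.includes('getUserMedia')) {
    status = 'ok';
  } else {
    status = 'unsupported';
  }
  return { status, modern, legacy };
}

// Guarded entry point: always returns a promise, so callers get a rejection
// they can handle rather than a TypeError from reading an undefined attribute.
function safeGetUserMedia(constraints, env = globalThis) {
  const { status } = captureAvailability(env);
  if (status !== 'ok') {
    const err = new Error(`getUserMedia unavailable: ${status}`);
    err.name = status === 'insecure-context' ? 'SecurityError' : 'NotSupportedError';
    return Promise.reject(err);
  }
  return env.navigator.mediaDevices.getUserMedia(constraints);
}
```

The `modern` and `legacy` arrays in the result show which methods are still exposed, which distinguishes the pre-M74 behaviour (visible but failing) from the M74 behaviour (absent) when the status is `insecure-context`.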