- From: Jon Buckley <jon@jbuckley.ca>
- Date: Tue, 3 Dec 2013 00:55:06 -0500
- To: public-webappsec@w3.org
Received on Tuesday, 3 December 2013 07:01:39 UTC
I just ran into this today when I was trying to figure out why getUserMedia wasn’t working with Content Security Policy. I wrote up a series of media-src testcases with getUserMedia. You can run them in your browser at http://csp-and-gum.herokuapp.com/ and you can see the source code at https://github.com/jbuck/csp-and-gum To have getUserMedia work with CSP in Chrome and Firefox I needed to set my policy to "media-src: 'self' mediastream:” I’ve documented the mediastream: type on MDN at https://developer.mozilla.org/en-US/docs/Security/CSP/CSP_policy_directives#Data but it probably should be documented in the spec as well, because it wasn’t documented at all from Goggling for my specific issue.
Received on Tuesday, 3 December 2013 07:01:39 UTC