W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > September 2018

Re: [mediacapture-main] Should getUserMedia be functional in SecureContext only?

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Thu, 13 Sep 2018 14:20:35 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-421024512-1536848433-sysbot+gh@w3.org>
> * Make getSupportedConstraints return an empty dictionary on non secure origins.

Constrainable properties is a lateral concept, but so far *getUserMedia* is alone in using `min`, `exact` (and sometimes `max`) constraints for discovery, which truly requires this feature detection mechanism.

All future features of this caliber will likely be limited to secure contexts in some way, so yes.

> * Make enumerateDevices reject on non secure origins.

enumerateDevices is also used by [*setSinkId*](https://w3c.github.io/mediacapture-output/#dom-htmlmediaelement-setsinkid), which we should limit as well, so yes.¹

> * Make getUserMedia SecureContext

Means `("getUserMedia" in navigator.mediaDevices) == false`, i.e. `TypeError` on attempted calls.²

> * Make mediaDevices SecureContext

Means `("mediaDevices" in navigator) == false`, i.e. `TypeError` on attempted calls.
Means `("getUserMedia" in navigator.mediaDevices) == false` would *trigger* (!) `TypeError`.

In an ideal world, yes. I think all these methods are beyond http.

This would obviously break some sites in http, but maybe that's ok?

<sub>1. Firefox still supports *getUserMedia* in http, but we agree to [fix that](https://bugzilla.mozilla.org/show_bug.cgi?id=1335740).</sub>
<sub>2. I found this out in https://github.com/w3c/mediacapture-screen-share/issues/77#issuecomment-421006931</sub>

GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/540#issuecomment-421024512 using your GitHub account
Received on Thursday, 13 September 2018 14:20:38 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:45 UTC