> * Make getSupportedConstraints return an empty dictionary on non secure origins. Constrainable properties is a lateral concept, but so far *getUserMedia* is alone in using `min`, `exact` (and sometimes `max`) constraints for discovery, which truly requires this feature detection mechanism. All future features of this caliber will likely be limited to secure contexts in some way, so yes. > * Make enumerateDevices reject on non secure origins. enumerateDevices is also used by [*setSinkId*](https://w3c.github.io/mediacapture-output/#dom-htmlmediaelement-setsinkid), which we should limit as well, so yes.¹ > * Make getUserMedia SecureContext Means `("getUserMedia" in navigator.mediaDevices) == false`, i.e. `TypeError` on attempted calls.² > * Make mediaDevices SecureContext Means `("mediaDevices" in navigator) == false`, i.e. `TypeError` on attempted calls. Means `("getUserMedia" in navigator.mediaDevices) == false` would *trigger* (!) `TypeError`. In an ideal world, yes. I think all these methods are beyond http. This would obviously break some sites in http, but maybe that's ok? <sub>1. Firefox still supports *getUserMedia* in http, but we agree to [fix that](https://bugzilla.mozilla.org/show_bug.cgi?id=1335740).</sub> <sub>2. I found this out in https://github.com/w3c/mediacapture-screen-share/issues/77#issuecomment-421006931</sub> -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/540#issuecomment-421024512 using your GitHub accountReceived on Thursday, 13 September 2018 14:20:38 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:45 UTC