Re: [mediacapture-main] Should getUserMedia be functional in SecureContext only?

> * Make getSupportedConstraints return an empty dictionary on non secure origins.

Constrainable properties is a lateral concept, but so far *getUserMedia* is alone in using `min`, `exact` (and sometimes `max`) constraints for discovery, which truly requires this feature detection mechanism.

All future features of this caliber will likely be limited to secure contexts in some way, so yes.

> * Make enumerateDevices reject on non secure origins.

enumerateDevices is also used by [*setSinkId*](, which we should limit as well, so yes.¹

> * Make getUserMedia SecureContext

Means `("getUserMedia" in navigator.mediaDevices) == false`, i.e. `TypeError` on attempted calls.²

> * Make mediaDevices SecureContext

Means `("mediaDevices" in navigator) == false`, i.e. `TypeError` on attempted calls.
Means `("getUserMedia" in navigator.mediaDevices) == false` would *trigger* (!) `TypeError`.

In an ideal world, yes. I think all these methods are beyond http.

This would obviously break some sites in http, but maybe that's ok?

<sub>1. Firefox still supports *getUserMedia* in http, but we agree to [fix that](</sub>
<sub>2. I found this out in</sub>

GitHub Notification of comment by jan-ivar
Please view or discuss this issue at using your GitHub account

Received on Thursday, 13 September 2018 14:20:38 UTC