Getusermedia() in Chrome 47 Without Using Https

getUserMedia() in chrome 47 without using https

getUserMedia allows you to listen in to the private conversations of the user. If it were enabled over unencrypted HTTP, this would allow an attacker to inject code that listens in and sends the conversations to the attacker. For example, if you if you are in a private conference room of a hotel with unencrypted WiFi, everybody in the vicinity of the hotel could listen in. Even if your app does not usually deal with sensitive conversations, an attacker could replace your code with theirs in order to listen in at a later time, when another app is in use.

Therefore, getUserMedia is only available from secure contexts. For testing, you can exempt your domain by starting Chrome with --unsafely-treat-insecure-origin-as-secure="example.com", or simply test under http://localhost/.

If you want your app to listen to the user's microphone, you must serve it via TLS. There is no way around it. If there were, it would be regarded as a security hole and fixed in the next version of the browsers.

HINT

You might have to add "http://" on the command line, e.g.:

--unsafely-treat-insecure-origin-as-secure="http://example.com"

JavaScript GetUserMedia using Chrome with localhost without HTTPS

You can use a service like https://ngrok.com/ to map a public DNS address with SSL certificate to a port on your local machine.

getUserMedia() not supported in chrome

Chrome is requiring secure origins (HTTPS) for getUserMedia.

Starting with Chrome 47, getUserMedia() requests are only allowed from secure origins: HTTPS or localhost.

https://developers.google.com/web/updates/2015/10/chrome-47-webrtc?hl=en

Allowing webcam access without https on android tablet

In a single word the answer is NO.
It is possible to get webcam access only on localhost and https connections for security.

W3 API specification states

When on an insecure origin [mixed-content], User Agents are encouraged to warn about usage of navigator.mediaDevices.getUserMedia, navigator.getUserMedia, and any prefixed variants in their developer tools, error logs, etc. It is explicitly permitted for User Agents to remove these APIs entirely when on an insecure origin, as long as they remove all of them at once (e.g., they should not leave just the prefixed version available on insecure origins).

Chrome, starting from version 47 implements this security policy (Source):

Starting with Chrome 47, getUserMedia() requests are only allowed from secure origins: HTTPS or localhost.

So you can't access Camera without a secure connection.



Related Topics



Leave a reply



Submit