getUserMedia has now been discontinued on non https connections?

Asked

Viewed 768 times

4

This morning I updated my Google Chrome, on Ubuntu.

When I went to do a test on the part of the system (place) where we took a picture of the webcam, instead of displaying the authorization message to access the webcam, I received the following message in the browser console:

getUserMedia() is deprecated on insecure Origins, and support will be Removed in the Future. You should consider switching your application to a Secure origin, such as HTTPS.

Which translating is

getUserMedia() is obsolete on unsafe origins and support will be removed in the future. You should consider changing your application to a secure source such as HTTPS.

All the systems I use getUserMedia must be amended to HTTPS on account of that?

What is the reason for removing the getUserMedia in non-https locations?

Updating

I get this message today on my Google Chrome:

getUserMedia() no longer Works on insecure Origins. To use this Feature, you should consider switching your application to a Secure origin, such as HTTPS

Already blocking use of user’s camera/microphone capture functionality.

And yet I would like to know what is the danger of using these resources in non-https connections (I don’t like to say "insecure").

1 answer

2


The Chromium project announced this change to adapt to the new W3C standard that determines that any powerful resource limited use through secure authentication environments.

The W3C itself admits that the mere fact of requiring HTTPS for such features is not sufficient to ensure end-user safety, however it establishes such a normative as a prerequisite for building a safer internet. Determination is that any application that has access to sensitive data is offered with the minimum security authenticated (HTTPS).

While the normative does not prevent malicious developers from delivering dangerous content to end users, it at least tries to prevent more often than Man-like attacksNo-Middle Injete malicious scripts on your web page to acquire sensitive data from your users.

Before such a change could happen, it was necessary to discuss what characterizes powerful resources in the Web context. In short, it has been defined as a powerful resource for any code to provide access to:

  • Sensitive Information (Personal Information, credentials, payments, etc)
  • Access to sensors (Geolocation, webcam, camera, etc)
  • Information from other devices (Bluetooth, Wireless, etc)
  • Storage in Session
  • Resource that may request the user’s permission
  • Among others.

Note: I think it’s worth adding that Chrome offers a flag that lets you treat insecure websites as safe for testing purposes. Just run Chrome using the flag --unsafely-treat-insecure-origin-as-secure="example.com" (by replacing example.com with your domain of interest).


References:

Browser other questions tagged

You are not signed in. Login or sign up in order to post.