getUserMedia was supposed to work only via HTTPS, but web-dictaphone runs okay over HTTP on Android?

Question

getUserMedia was supposed to work only via HTTPS, but web-dictaphone runs okay over HTTP on Android?

mavavilj opened this issue a year ago · 6 comments

Based on:

https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia

the getUserMedia() method should be available only in secure contexts (HTTPS).

However, I am deploying web-dictaphone on CivetWeb (https://github.com/civetweb/civetweb) locally and it seems to run fine over HTTP.

The browsers even say it's truly an insecure context.

Answer 1 · 2024-01-02T12:30:38.000Z

And yes it does say that localhost is considered secure, however I thought it would still require HTTPS.

Answer 2 · 2024-01-02T12:48:02.000Z

Proof:

https://www.youtube.com/shorts/LbbDJivS58c

Answer 3 · 2024-01-03T09:48:14.000Z

Or it means like it says on:

https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

But then it's confusing that Firefox still marks it as insecure.

Answer 4 · 2024-01-21T18:42:20.000Z

But then it's confusing that Firefox still marks it as insecure.

Firefox doesn't mark HTTP as insecure.

Answer 5 · 2024-01-21T19:00:54.000Z

But then it's confusing that Firefox still marks it as insecure.

Firefox doesn't mark HTTP as insecure.

It does.

Answer 6 · 2024-01-21T19:29:35.000Z

Where? I just created an HTTP server with node and successfully use getUserMedia() on http: protocol on Firefox Nightly 123. I didn't observe any notifications http: was "insecure".