Deprecate Web MIDI use on insecure origins

Web MIDI use is classified into two groups, one is non-privilege use, and the other is privilege use with sysex permission. Until today, only the latter use prompts users for permission. But to reduce security concerns, we will change this behavior to prompt permission always regardless of sysex use. This means it deprecates Web MIDI use on insecure origins as a permission requiring feature is not allowed there.

Specification

Working draft or equivalent

Status in Chromium

Blink>WebMIDI


Enabled by default (tracking bug) in:

  • Chrome for desktop release 77
  • Chrome for Android release 77
  • Android WebView release 77

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • In development
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2019-07-29