Remove getUserMedia() from Insecure Contexts (removed)

Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing getUserMedia() from insecure contexts. getUserMedia() is a powerful feature that allows access to the microphone and camera of the user agent's machine, which is a powerful privilege escalation for HTTP content injection. This will remove that attack vector by only allowing it over HTTPS.

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Removed (launch bug) in:

  • Chrome for desktop release 47

Consensus & Standardization

  • Public support
  • No public signals
  • No public signals
  • Mixed signals

Owner

Last updated on 2017-06-14