getUserMedia was supposed to work only via HTTPS, but web-dictaphone runs okay over HTTP on Android?

Question

getUserMedia was supposed to work only via HTTPS, but web-dictaphone runs okay over HTTP on Android?

mavavilj opened this issue 5 months ago · comments

Based on:

https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia

the getUserMedia() method should be available only in secure contexts (HTTPS).

However, I am deploying web-dictaphone on CivetWeb (https://github.com/civetweb/civetweb) locally and it seems to run fine over HTTP.

The browsers even say it's truly an insecure context.

Matti · Answer 1 · Tue Jan 02 2024 20:30:38 GMT+0800 (China Standard Time)

And yes it does say that localhost is considered secure, however I thought it would still require HTTPS.

Matti · Answer 2 · Tue Jan 02 2024 20:48:02 GMT+0800 (China Standard Time)

Proof:

https://www.youtube.com/shorts/LbbDJivS58c

Matti · Answer 3 · Wed Jan 03 2024 17:48:14 GMT+0800 (China Standard Time)

Or it means like it says on:

https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

But then it's confusing that Firefox still marks it as insecure.