Dashboard breaks on Firefox - `navigator.getGamepads is not a function`

[NoahBres]

User reported error on the Discord. Have yet to get around to confirming and reproducing myself.

Firefox version 92.0 Ubuntu version 21.04 (wayland)

[NoahBres]

My current assumption—supported only via a cursory search—is thatThis issue relates to a relatively new API called Secure contexts. This seems to be a relatively new W3C spec? It still holds a status of "Candidate Recommendation Draft." It has yet to even reach "W3C Recommendation" status. However, Firefox did commit to locking features down via secure contexts in 2018.

Secure contexts must be served over https:// or http://localhost (via https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts)

It seems that the gamepad API has been locked down in Firefox relatively recently. https://developer.mozilla.org/en-US/docs/Web/API/Navigator/getGamepads

https://caniuse.com/?search=gamepad.get

Basic gamepad functionality with the PS4 controller was tested both in dev and on the compiled app in Chrome, Safari, and Firefox. I don't believe this was an issue in the last PR touching gamepads.

More information: https://hacks.mozilla.org/2020/07/securing-gamepad-api/

This blog only indicates the use of secure contexts in the development versions. I am assuming that this was incorporated into the mainstream version of Firefox in version 91 if we reference the caniuse getGamepads: Secure context required chart.

This is my quick-uninformed-5-minute-search opinion on the problem. I could be completely off base here.

Edit: This same error is confirmed in a w3c GitHub discussion: https://github.com/w3c/gamepad/issues/145#issuecomment-899850875

[NoahBres]

Potential workaround if this is the issue (have yet to confirm on my end)

https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts#feature_detection

Do not run gamepad code if window.isSecureContext returns true and version is above or equal to Firefox 91. Alternatively, run a null check on navigator.getGamepads() and try catch?

Or perhaps serve dash over HTTPS? https://stackoverflow.com/questions/31270613/https-server-on-android-device-using-nanohttpd/35765334

Not entirely sure of the implications via how dash hooks into NanoHTTPD and what the process for self-provisioning a certificate is.

[NoahBres]

More discussion: https://github.com/w3c/gamepad/issues/145

This same behavior seems to be planned for Chrome as well? https://news.thewindowsclub.com/google-chrome-now-blocks-gamepad-access-on-insecure-websites-101927/ https://www.chromestatus.com/feature/5138714634223616

Restriction is still disabled by default behind an experimental flag

[NoahBres]

This comment confirms my original suspicion: https://github.com/w3c/gamepad/issues/145#issuecomment-899850875

[NoahBres]

Both WebKit and Chromium seem to be committed to this same behavior, albeit release schedule unknown.

https://github.com/w3c/gamepad/issues/145#issuecomment-899850875 https://github.com/w3c/gamepad/pull/120

[rbrott]

I don't want to fiddle with HTTPS. Let's guard the gamepad code with the secure context flag and refer users to the development instructions.