mavavilj
commented
8 months ago And yes it does say that localhost is considered secure, however I thought it would still require HTTPS.
Open mavavilj opened 8 months ago
mavavilj
commented
8 months ago And yes it does say that localhost is considered secure, however I thought it would still require HTTPS.
mavavilj
commented
8 months ago mavavilj
commented
8 months ago Or it means like it says on:
https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.
But then it's confusing that Firefox still marks it as insecure.
guest271314
commented
7 months ago But then it's confusing that Firefox still marks it as insecure.
Firefox doesn't mark HTTP as insecure.
mavavilj
commented
7 months ago But then it's confusing that Firefox still marks it as insecure.
Firefox doesn't mark HTTP as insecure.
It does.
guest271314
commented
7 months ago Where? I just created an HTTP server with node and successfully use getUserMedia() on http: protocol on Firefox Nightly 123. I didn't observe any notifications http: was "insecure".
Based on:
https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia
the getUserMedia() method should be available only in secure contexts (HTTPS).
However, I am deploying web-dictaphone on CivetWeb (https://github.com/civetweb/civetweb) locally and it seems to run fine over HTTP.
The browsers even say it's truly an insecure context.