Chrome Security Updates: No camera capture in Chrome 45.0.2454.85 (Released 9/1/2015)

[rschreijer]

The mdg:camera plugin was working fine in Chrome until version 45.0.2454.85

Mac OS X 10.10.3, but I'm sure this is due to Chrome Security updates as stated in their release notes and thus affects this plugin on other platforms.

Refused to load media from 'blob:http%3A//localhost%3A3000/31db583f-43fb-48f1-b10a-13787b49f795' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.

Is anyone else having this issue?

[rschreijer]

Found a workaround. I am using the browser-policy package. Chromium introduced a number of restrictions related to Content Security Policies in version 45.0.2454.85. By default, this prevents blob-data from "disallowed" sources in src attributes. The mdg:camera plugin uses blob-object-urls to stream the camera in a browser (see here).

You have to allow blob-data for media-src. In chrome, this means adding 'blob:' to the media-source (documentation) The browser-policy package makes this a bit tricky since it adds 'http://' and 'https:///' by default when you use any of the documented functions (i.e. allowMediaOrigin). This is how I got it to work:

After setting all your directives, as the very last action of configuring your browser policies, add

var constructedCsp = BrowserPolicy.content._constructCsp();
BrowserPolicy.content.setPolicy(constructedCsp +" media-src blob:;");

[jccgadam]

Hi: I ran into the same issue as you had.And your post is really helpful. thanks a lot