SecurityError when requesting access to MIDI

[ArTiSTiX]

I was working for the past few days on a Piano display (you can see it here: https://chord-display.rednet.io), using BrowserSource on OBS v21, using MIDI features of CEF. Everything was working fine, but not anymore after update to OBS v24. It is also working on v23 (made the downgrade).

Current Behavior

MIDI Access request rejects with following error:

SecurityError: an attempt was made to break through the security policy of the user agent

It was working fine, on a localhost version, a localfile, and on a deployed version of my tool with an HTTPS certificate.

Expected Behavior

It should allow using MIDI, and display notes played by user in OBS.

Steps to Reproduce

1. Create a BrowserSource in OBS with url: https://chord-display.rednet.io
2. (optional) Plug a MIDI device (piano), or install a Virtual MIDI device (OSX: MidiKeys is a good one for testing: http://www.manyetas.com/creed/midikeys.html)
3. Play notes

Step 1 is currently breaking with error, since MIDI is initialized on load.

Additional information

OS: MacOS Mojave 10.14.6 OBS Studio version: v24.0.6 [obs-browser]: Version 2.7.16

Working OBS Studio versions: v21...v23 ([obs-browser]: Version 2.3.1)

[VodBox]

The cause of the change is related to the CEF version. Builds I had made with older versions had WebMIDI working, but newer versions (particularly the one we use in v24, maybe even v23 on Windows?) stopped working. I was unable to determine the security policy that the error message refers to. I will however be looking closer into this.

[ArTiSTiX]

@VodBox thanks for investigating ! I was hoping it was only related to obs-browser, it would have been easier to fix I think.

[ArTiSTiX]

Hi @VodBox Any update on CEF security implementation of MIDI ? I tried to find a ticket on CEF bugtracker without success, is there anything i can help with ?

MIDI is still not working on OBS v25 though.

[Kruiser8]

I also just ran into this last week. I'll add that it's easily testable by opening https://francoisgeorgy.github.io/web-midi-events/webmidi-events.html in a browser source.

Additionally, I was unable to make it work by setting chromium flags. I tried --disable-web-security as well as a handful of others.

Organizing information from a discord conversation. It looks like MIDI isn't supported in CEF at the moment. Here's the CEF ticket: https://bitbucket.org/chromiumembedded/cef/issues/1028/cef3-implement-web-midi-permission Here's a forum post where the author of CEF says it isn't supported: https://www.magpcss.org/ceforum/viewtopic.php?f=6&t=16752

We also couldn't find any reference to MIDI libraries or functions in CEF so perhaps it was removed since it wasn't properly checking permissions (WizardCM idea)? There's no reference to midi in the git log for CEF.

[ThePianoGuy]

From https://github.com/chromiumembedded/cef/issues/1028

"The CefBrowserContext::RequestMIDISysExPermission() method must be implemented to allow Web MIDI usage." The issue is now closed as completed.

Does that mean we can now use MIDI in BrowserSource? If so, how?

[CodexHere]

Just ran into this as well, any chance of a status update or any feedback?

[swolekat]

Any update on this issue for the latest version? I was trying to implement something like this today but ran into this issue.

[kirahan]

Marked, and let me know if any update or feedback

[swolekat]

This is still an issue in OBS 30.0

[nzoschke]

Hitting this here too. Also tried running the web server serving the web midi page on https://127.0.0.1:4321/ with a valid cert via mkcert.

[Fenrirthviti]

I'm reasonably sure that this would need to be backported manually to the version of CEF we use, and it is not likely that anyone on the core team would be spending time on this any time soon.

[ThePianoGuy]

Boys, we have to learn to manually backport this to CEF.