Closed marcoscaceres closed 3 years ago
I have a local media/web server which isn't able to get SSL without problems, but I still REALLY need this function! Any ideas?
btw it says getGamepad will now require (...)
, but it should say getGamepads will now require (...)
, since it is navigator.getGamepads()
and not navigator.getGamepad()
I think local-network-access (if the community gets agreement and it gets standardized) will solve for this. If I understand that spec correctly, it will allow for local things to be treated as "secure context".
I think https://wicg.github.io/local-network-access/ (if the community gets agreement and it gets standardized) will solve for this. If I understand that spec correctly, it will allow for local things to be treated as "secure context".
I don't think that is what this proposal suggests.
I think https://wicg.github.io/local-network-access/ (if the community gets agreement and it gets standardized) will solve for this. If I understand that spec correctly, it will allow for local things to be treated as "secure context".
I don't think that is what this proposal suggests.
Yeah partly it is not that. I just don't see in how requesting/getting access to the current connected gamepads would be usefull for 'hackers' to do malisious things. I understand camera and microphone would have to be secure context, but this, this just doesn't make sense.
But maybe the local network access would be the solution for me if this really is being forced into, but else please rethink your idea of making this function secure context only.
Btw the ongamepadconnected
event doesn't seem to be removed for non secure context (or at least it doesn't give message there) with this and still gives you access to the connected gamepad, but because chrome just saves a snapshot so you cannot do very much with it.
The API has been shown to be used for fingerprinting whenever possible, so a third-party can (and do!) inject a scripts to poke at the Gamepad API. Having secure context mitigates some of this privacy annoyance.
Also, future versions of the gamepad API could allow communicating more directly with a gamepad... that will require secure contexts.
We should evaluate that impact of making
getGamepads()
only available inSecureContext
(as we did with Geolocation).We might need to figure out some kind of deprecation timeline for the
http
/insecure API.