Affecting getUserMedia() can no longer be used on insecure sites

Published: | Categories: Audio & Video, Privacy & Security

Description

Starting with Firefox 68, the getUserMedia method on the MediaDevices interface only works on websites served via HTTPS. When these methods are called on insecure sites, a NotAllowedError exception will be thrown. Google Chrome has already made the change in version 47, and less than 3% of sites are affected according to Mozilla’s Telemetry data.

In the near future, the navigator.mediaDevices object and the navigator.mozGetUserMedia method will also require secure origins as per the current Media Capture and Streams spec. Make sure to always serve your site via HTTPS.

Update: The initial version of this note mentioned the enumerateDevices method as well, but it’s still available in Firefox 68. We have corrected the title and description according to feedback, and added a link to the WebRTC blog.

Update 2: As of Firefox 69, the navigator.mediaDevices object and the navigator.mozGetUserMedia method are no longer available to insecure sites.

References