getUserMedia() in chrome 47 without using https
Solution 1:
getUserMedia
allows you to listen in to the private conversations of the user. If it were enabled over unencrypted HTTP, this would allow an attacker to inject code that listens in and sends the conversations to the attacker. For example, if you if you are in a private conference room of a hotel with unencrypted WiFi, everybody in the vicinity of the hotel could listen in. Even if your app does not usually deal with sensitive conversations, an attacker could replace your code with theirs in order to listen in at a later time, when another app is in use.
Therefore, getUserMedia
is only available from secure contexts. For testing, you can exempt your domain by starting Chrome with --unsafely-treat-insecure-origin-as-secure="example.com"
, or simply test under http://localhost/
.
If you want your app to listen to the user's microphone, you must serve it via TLS. There is no way around it. If there were, it would be regarded as a security hole and fixed in the next version of the browsers.
HINT
You might have to add "http://" on the command line, e.g.:
--unsafely-treat-insecure-origin-as-secure="http://example.com"
Solution 2:
Also you can add whiltelist by opening chrome://flags
and search for unsafely-treat-insecure-origin-as-secure
:
chrome://flags/#unsafely-treat-insecure-origin-as-secure