getUserMedia allows you to listen in to the private conversations of the user. If it were enabled over unencrypted HTTP, this would allow an attacker to inject code that listens in and sends the conversations to the attacker. For example, if you if you are in a private conference room of a hotel with unencrypted WiFi, everybody in the vicinity of the hotel could listen in. Even if your app does not usually deal with sensitive conversations, an attacker could replace your code with theirs in order to listen in at a later time, when another app is in use.
Therefore, getUserMedia is only available from secure contexts. For testing, you can exempt your domain by starting Chrome with --unsafely-treat-insecure-origin-as-secure=“example.com”, or simply test under http://localhost/.
If you want your app to listen to the user’s microphone, you must serve it via TLS. There is no way around it. If there were, it would be regarded as a security hole and fixed in the next version of the browsers.
HINT
You might have to add “http://” on the command line, e.g.:
–unsafely-treat-insecure-origin-as-secure=“http://example.com”
通过传递相应参数来启动 Chrome Insecure origins treated as secure flag 并填入相应白名单。
- 打开 chrome://flags/#unsafely-treat-insecure-origin-as-secure
将该 flag 切换成 enable 状态 - 输入框中填写需要开启的域名,譬如 http://example.com",多个以逗号分隔。
- 重启后生效。