chrome 47 中的 getUserMedia() 不使用 https [英] getUserMedia() in chrome 47 without using https

问题描述

在 chrome 版本 47 中，他们强制您使用 https 以允许使用 getUserMedia().不幸的是，我不能在我的整个网络中使用 https，我只在登录休息中使用它(它是一个 SPA - 单页应用程序).所以，网络地址没有https，只有登录休息使用ssl.我使用这个 repo 几乎没有什么变化:https://github.com/Jmlevick/html-recorder

In chrome version 47 they force you to use https to be allow using getUserMedia(). Unfortunately, I can't use https in my whole web, I only use it in the login rest (It a SPA - single page app). So, the address to the web is without https, only the login rest uses ssl. I use this repo with very little changes: https://github.com/Jmlevick/html-recorder

我的问题是是否有任何方法可以在我的网络应用程序中使用录音机并将我的网址保留为 http 而不是 https?你有什么想法来克服这个问题?

My question is if is there any way to use audio recorder in my web app and keep my web address with http and not https? what ideas do you have to overcome this issue?

推荐答案

getUserMedia 允许您收听用户的私人对话.如果它是通过未加密的 HTTP 启用的，这将允许攻击者注入侦听并将对话发送给攻击者的代码.例如，如果您在酒店的私人会议室中使用未加密的 WiFi，酒店附近的每个人都可以收听.即使您的应用程序通常不处理敏感对话，攻击者也可以将您的代码替换为以便稍后在使用另一个应用程序时收听.

getUserMedia allows you to listen in to the private conversations of the user. If it were enabled over unencrypted HTTP, this would allow an attacker to inject code that listens in and sends the conversations to the attacker. For example, if you if you are in a private conference room of a hotel with unencrypted WiFi, everybody in the vicinity of the hotel could listen in. Even if your app does not usually deal with sensitive conversations, an attacker could replace your code with theirs in order to listen in at a later time, when another app is in use.

因此，getUserMedia 只能从 安全上下文.对于测试，您 可以通过使用 --unsafely-treat-insecure-origin-as-secure="example.com" 启动 Chrome 来免除您的域，或者只需在 http:/下测试/localhost/.

Therefore, getUserMedia is only available from secure contexts. For testing, you can exempt your domain by starting Chrome with --unsafely-treat-insecure-origin-as-secure="example.com", or simply test under http://localhost/.

如果您希望您的应用收听用户的麦克风，您必须通过 TLS 为其提供服务.没有其他办法了.如果有，将被视为安全漏洞，并在下一个版本的浏览器中修复.

If you want your app to listen to the user's microphone, you must serve it via TLS. There is no way around it. If there were, it would be regarded as a security hole and fixed in the next version of the browsers.

提示

您可能需要在命令行中添加http://"，例如:<代码>--unsafely-treat-insecure-origin-as-secure="http://example.com"

You might have to add "http://" on the command line, e.g.: --unsafely-treat-insecure-origin-as-secure="http://example.com"

这篇关于chrome 47 中的 getUserMedia() 不使用 https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！