getUserMedia was supposed to work only via HTTPS, but web-dictaphone runs okay over HTTP on Android?

[mavavilj]

Based on:

https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia

the getUserMedia() method should be available only in secure contexts (HTTPS).

However, I am deploying web-dictaphone on CivetWeb (https://github.com/civetweb/civetweb) locally and it seems to run fine over HTTP.

The browsers even say it's truly an insecure context.

[mavavilj]

And yes it does say that localhost is considered secure, however I thought it would still require HTTPS.

[mavavilj]

Proof:

https://www.youtube.com/shorts/LbbDJivS58c

[mavavilj]

Or it means like it says on:

https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

But then it's confusing that Firefox still marks it as insecure.

[guest271314]

But then it's confusing that Firefox still marks it as insecure.

Firefox doesn't mark HTTP as insecure.

[mavavilj]

But then it's confusing that Firefox still marks it as insecure.

Firefox doesn't mark HTTP as insecure.

It does.

[guest271314]

Where? I just created an HTTP server with node and successfully use getUserMedia() on http: protocol on Firefox Nightly 123. I didn't observe any notifications http: was "insecure".