-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict getGamepads() to [SecureContext] #113
Comments
I have a local media/web server which isn't able to get SSL without problems, but I still REALLY need this function! Any ideas? btw it says |
I think local-network-access (if the community gets agreement and it gets standardized) will solve for this. If I understand that spec correctly, it will allow for local things to be treated as "secure context". |
I don't think that is what this proposal suggests. |
Yeah partly it is not that. I just don't see in how requesting/getting access to the current connected gamepads would be usefull for 'hackers' to do malisious things. I understand camera and microphone would have to be secure context, but this, this just doesn't make sense. But maybe the local network access would be the solution for me if this really is being forced into, but else please rethink your idea of making this function secure context only. Btw the |
The API has been shown to be used for fingerprinting whenever possible, so a third-party can (and do!) inject a scripts to poke at the Gamepad API. Having secure context mitigates some of this privacy annoyance. Also, future versions of the gamepad API could allow communicating more directly with a gamepad... that will require secure contexts. |
We should evaluate that impact of making
getGamepads()
only available inSecureContext
(as we did with Geolocation).We might need to figure out some kind of deprecation timeline for the
http
/insecure API.The text was updated successfully, but these errors were encountered: