0👍
Encryption based security
The getUserMedia() method is only available in secure contexts. A secure context is one the browser is reasonably confident contains a document which was loaded securely, using HTTPS/TLS, and has limited exposure to insecure contexts. If a document isn’t loaded in a secure context, the navigator.mediaDevices property is undefined, making access to getUserMedia() impossible.
Attempting to access getUserMedia() in this situation will result in a TypeError.
Document source security
Because of the obvious security concern associated with getUserMedia() if used unexpectedly or without security being carefully managed, it can only be used in secure contexts. There are a number of insecure ways to load a document that might, in turn, attempt to call getUserMedia(). The following are examples of situations in which getUserMedia() is not permitted to be called:
A document loaded into a sandboxed element cannot call getUserMedia() unless the has its sandbox attribute set to allow-same-origin.
A document loaded using a data:// or blob:// URL which has no origin (such as when one of these URLs is typed by the user into the address bar) cannot call getUserMedia(). These kinds of URLs loaded from JavaScript code inherit the script’s permissions.
Any other situation in which there is no origin, such as when the srcdoc attribute is used to specify the contents of a frame.
https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia#security