3

Chromium doesn't allow a website to access a user's camera unless the page is hosted in a "secure context". Usually that means a web server that has a valid TLS (HTTP) certificate, but there's also an exception for localhost.

I'm working on an app that needs to stream video within a LAN, and I'd like to have the webserver hosted within the LAN, as well, but it's not clear to me how to set this up so that the server is considered a "secure context". Is there a reasonable way to use TLS certs with zeroconf/bonjour hostnames? Or some other way to mark the whole LAN as trusted?

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
jes5199
  • 18,324
  • 12
  • 36
  • 40

2 Answers2

2

You can use the 'Insecure origins treated as secure' flag for this:

chrome://flags/#unsafely-treat-insecure-origin-as-secure

It allows you to mark certain domains as secure, even though the connection is not https. Make sure to enable the flag, as well as to add your domain, e.g. http://example.com, to the text field.

Jespertheend
  • 1,814
  • 19
  • 27
1

You can configure TLS to servers on your LAN using a private certificate authority (CA) or using a well-known CA.

Private CA

  1. Set up a private CA using OpenSSL or other CA software.
  2. Add this CA's root certificate to the trusted certificate store in all web browsers on all devices on your LAN.
  3. Issue certificates from this CA for the machines on your LAN.
  4. Configure the machines on your LAN to use these certificates.

Well-known CA

  1. Purchase a domain name for the machines on your LAN and set up recurring payment for renewal.
  2. Assign names to the machines on your LAN in the zone file of the DNS hosting that came bundled with your domain.
  3. Obtain certificates from Let's Encrypt for the machines on your LAN using the dns-01 challenge.
  4. Configure the machines on your LAN to use these certificates.
Damian Yerrick
  • 4,602
  • 2
  • 26
  • 64