MediaDevices: getUserMedia() method
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2017.
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The getUserMedia() method of the MediaDevices interface prompts the user for permission to use a media input which produces a MediaStream with tracks containing the requested types of media.
That stream can include, for example, a video track (produced by either a hardware or virtual video source such as a camera, video recording device, screen sharing service, and so forth), an audio track (similarly, produced by a physical or virtual audio source like a microphone, A/D converter, or the like), and possibly other track types.
It returns a Promise that resolves to a MediaStream object.
If the user denies permission, or matching media is not available, then the promise is rejected with NotAllowedError or NotFoundError DOMException respectively.
Note: It's possible for the returned promise to neither resolve nor reject, as the user is not required to make a choice at all and may ignore the request.
Syntax
getUserMedia(constraints)
Parameters
constraints-
An object specifying the types of media to request, along with any requirements for each type.
The
constraintsparameter is an object with two members:videoandaudio, describing the media types requested. Either or both must be specified. If the browser cannot find all media tracks with the specified types that meet the constraints given, then the returned promise is rejected withNotFoundErrorDOMException.For both
videoandaudio, its value is either a boolean or an object. The default value isfalse.- If
trueis specified for a media type, the resulting stream is required to have that type of track in it. If one cannot be included for any reason, the returned promise will reject. - If
falseis specified for a media type, the resulting stream must not have that type of track, or the returned promise will reject. Because bothvideoandaudiodefault tofalse, if theconstraintsobject contains neither property or if it's not present at all, the returned promise will always reject. - If an object is specified for a media type, the object is read as a
MediaTrackConstraintsdictionary.
- If
Return value
A Promise whose fulfillment handler receives a MediaStream
object when the requested media has successfully been obtained.
Exceptions
AbortErrorDOMException-
Although the user and operating system both granted access to the hardware device, and no hardware issues occurred that would cause a
NotReadableErrorDOMException, throw if some problem occurred which prevented the device from being used. InvalidStateErrorDOMException-
Thrown if current document is not fully active.
NotAllowedErrorDOMException-
Thrown if one or more of the requested source devices cannot be used at this time. This will happen if the browsing context is insecure (that is, the page was loaded using HTTP rather than HTTPS). It also happens if the user has specified that the current browsing instance is not permitted access to the device, the user has denied access for the current session, or the user has denied all access to user media devices globally. On browsers that support managing media permissions with Permissions Policy, this error is returned if Permissions Policy is not configured to allow access to the input source(s).
Note: Older versions of the specification used
SecurityErrorfor this instead;SecurityErrorhas taken on a new meaning. NotFoundErrorDOMException-
Thrown if no media tracks of the type specified were found that satisfy the given constraints.
NotReadableErrorDOMException-
Thrown if, although the user granted permission to use the matching devices, a hardware error occurred at the operating system, browser, or Web page level which prevented access to the device.
OverconstrainedErrorDOMException-
Thrown if the specified constraints resulted in no candidate devices which met the criteria requested. The error is an object of type
OverconstrainedError, and has aconstraintproperty whose string value is the name of a constraint which was impossible to meet, and amessageproperty containing a human-readable string explaining the problem.Note: Because this error can occur even when the user has not yet granted permission to use the underlying device, it can potentially be used as a fingerprinting surface.
SecurityErrorDOMException-
Thrown if user media support is disabled on the
Documenton whichgetUserMedia()was called. The mechanism by which user media support is enabled and disabled is left up to the individual user agent. TypeError-
Thrown if the list of constraints specified is empty, or has all constraints set to
false. This can also happen if you try to callgetUserMedia()in an insecure context, sincenavigator.mediaDevicesisundefinedin an insecure context.
Privacy and security
As an API that may involve significant privacy concerns, getUserMedia()'s
specification lays out a wide array of privacy and security requirements that browsers
are obligated to meet.
getUserMedia() is a powerful feature that can only be used in secure contexts; in insecure
contexts, navigator.mediaDevices is undefined, preventing
access to getUserMedia(). A secure context is, in short, a page loaded
using HTTPS or the file:/// URL scheme, or a page loaded from
localhost.
In addition, user permission is always required to access the user's audio and video
inputs. Only a window's top-level document context for a valid origin can even request
permission to use getUserMedia(), unless the top-level context expressly
grants permission for a given
Encryption based security
The getUserMedia() method is only available in secure contexts. A secure context
is one the browser is reasonably confident contains a document which was loaded
securely, using HTTPS/TLS, and has limited exposure to insecure contexts. If a document
isn't loaded in a secure context, the navigator.mediaDevices property is
undefined, making access to getUserMedia() impossible.
Attempting to access getUserMedia() in this situation will result in a
TypeError.
Document source security
Because of the obvious security concern associated with getUserMedia() if
used unexpectedly or without security being carefully managed, it can only be used in
secure contexts. There are a number of insecure ways to load a document that might, in
turn, attempt to call getUserMedia(). The following are examples of
situations in which getUserMedia() is not permitted to be called:
- A document loaded into a sandboxed
\n\nEncryption based security\n
The
getUserMedia() method is only available in secure contexts. A secure context\nis one the browser is reasonably confident contains a document which was loaded\nsecurely, using HTTPS/TLS, and has limited exposure to insecure contexts. If a document\nisn't loaded in a secure context, thenavigator.mediaDevices property is\nundefined, making access togetUserMedia() impossible.\nAttempting to access
getUserMedia() in this situation will result in a\nTypeError.\nDocument source security\n
Because of the obvious security concern associated with
getUserMedia() if\nused unexpectedly or without security being carefully managed, it can only be used in\nsecure contexts. There are a number of insecure ways to load a document that might, in\nturn, attempt to callgetUserMedia(). The following are examples of\nsituations in whichgetUserMedia() is not permitted to be called:\n