We are currently using EME in a non-secure contexts, and testing it on the Chromecast 1.24 still works. Will this be removed in the final release of chromecast 1.24?
According to this it will:
https://plus.google.com/+LeonNicholls/posts/VXmNRPLq3eV
But it still works in the latest 1.24 beta
Based from the blog you gave, EME requires secure context in the new release.
Following Chrome’s powerful feature policy, EME will not be supported on insecure (
http://) contexts.navigator.requestMediaKeySystemAccesswill be undefined when running in an insecure context.
You can also check it in this thread.
Support for non-secure contexts has been removed from EME v1 spec and will not be in the upcoming Proposed Recommendation (PR) or subsequent final Recommendation. The API was included in the original intent-to-deprecate and listed on the Chromium wiki page starting in Feb 2015, and has been showing a deprecation message since May 2015. If approved, the deprecation message will be updated to include the concrete timeframe.
Some usages of EME expose DRM implementations that are not open source, involve access to persistent unique identifiers, and/or run unsandboxed or with privileged access. The risks are increased when exposed via insecure HTTP, because they could be attacked by anyone on the channel. In addition, for implementations that require explicit permissions, permission for an insecure HTTP site can be exploited.
