Chrome在HTTP下如何调用getUserMeida()，总是显示PermissionDen

Testing a Powerful Feature If a feature is powerful and not available on HTTP, and you are a developer that needs to keep testing a feature on a server that does not have a valid certificate, you have several options: 1. localhost is treated as a secure origin over HTTP, so if you're able to run your server from localhost, you should be able to test the feature on that server. 2. You can run chrome with the --unsafely-treat-insecure-origin-as-secure="http://example.com" flag (replacing "example.com" with the origin you actually want to test), which will treat that origin as secure for this session. Note that you also need to include the --user-data-dir=/test/only/profile/dir to create a fresh testing profile for the flag to work. Note that on Android and ChromeOS this requires having a device with root access/dev mode. 3. Create a self-signed certificate for temporary testing. This requires advancing through an invalid certificate interstitial, which is generally not recommended, but testing without inputting sensitive information is a reasonable time to do so. Note that because of this interstitial click-through, we highly recommend options (1) and (2) instead, but they are difficult to do on mobile. See this post on setting up a self-signed certificate for a server for more information on how to do this. We are hoping to come up with better metheds for testing powerful features on insecure origins, and we'll be sure to update this page once we've developed them. Feel free to contribute ideas to security-dev@chromium.org.

产品环境不可能允许你在不安全的行为的。https://stackoverflow.com/questions/43768161/using-ws-while-on-https-mixed-content

改服务器端