Best practices

Introduction

Welcome to our guide on employing audio, microphone, and Fullscreen functionalities within the PixelStreaming WebSDK framework. In our pursuit of seamless user experiences, we prioritize aligning with the highest standards of security and privacy, respecting browser policies designed to safeguard end users.

Audio and Microphone Access

User Consent: It is crucial that applications request explicit user consent before accessing audio or microphone capabilities. This requirement is not only a cornerstone of user privacy but also a compliance measure with modern browser security protocols. Encourage transparent practices by integrating clear consent mechanisms within your user interface.

Indicators of Use: Enhance trust and transparency by visibly indicating when the microphone is active. This practice reassures users about their privacy and control over their personal devices.

Fullscreen Functionality

Manual Activation: We advocate for users to manually initiate Fullscreen mode. This approach respects user autonomy and adheres to browser guidelines that typically restrict automatic fullscreen activation due to security concerns.

Security Warnings: Educate users on the potential security implications of Fullscreen mode, such as the increased risk of phishing through UI mimicry. Providing clear, accessible information empowers users to make informed decisions about their engagement with Fullscreen features.

Integrating Streaming Content

Avoiding Direct Iframe Embedding: Directly embedding streaming content via iframes can introduce security vulnerabilities and degrade the user experience. Modern browsers often apply restrictions to iframe content, limiting functionality in the interest of user safety.

Recommended Integration with WebSDK: To ensure optimal performance and security, we recommend leveraging our WebSDK for content integration. This approach bypasses the limitations and risks associated with direct iframe embedding, providing a seamless and secure streaming experience that complies with current web standards.

Why Avoid Direct Iframe Embedding?

Security Concerns: Iframes can be a vector for security issues like clickjacking attacks. Embedding content directly from external sources can expose users to risks if not properly secured.
Cross-Origin Restrictions: Modern web browsers implement the same-origin policy, which restricts how documents or scripts loaded from one origin can interact with resources from another origin. This can limit the functionality of content embedded via iframes.
Performance and User Experience: Iframes can slow down page loading times and create a less integrated user experience. They also don't always adapt well to mobile screens or responsive designs.

General Recommendations

Stay Informed: Continually update your knowledge of browser guidelines and security practices. Share this knowledge with your users, offering clear instructions and the rationale behind these best practices to foster a safer digital environment.

By adhering to these guidelines, developers and users together contribute to a more secure, privacy-respecting digital ecosystem. Our commitment to these principles ensures that our WebSDK offers not only advanced functionality but also a trustable platform for developers and end-users alike. For more information please visit:

Chrome for DevelopersChrome for Developers

MDN Web Docs

PreviousMigration from @arcware/webrtc-plugin NextConfiguration

Last updated 19 days ago