You should not instruct users to change flags in order to use this. This opens up fairly serious security loopholes as malicious websites can start screensharing without being instantiated by the user.
Instead of using the getUserMedia API directly, you should use Chrome's chooseDesktopMedia API to get a desktop capture source (the screen, a tab, or any application window). The chooseDesktopMedia API is available in Chrome 34+ and can be used to do desktop screen capture/share without asking the user to enable flags.
As of 6 hours ago, the flag (#enable-usermedia-screen-capture) has been removed and will not be present in Chrome 35 Stable. [Ref: https://codereview.chromium.org/270353002 & https://code.google.com/p/chromium/issues/detail?id=347641]
In any case, cool hack!
20% of the world (and likely an even larger percentage of HN users) already have cDM support! [http://caniuse.com/usage_table.php]
Hoping this is just the first trial run and the next iteration will get this resolved.
I expect an enormous number of Chrome Extensions that do all sorts of web-based screen recording & sharing in the coming months.
Correct me if I'm wrong, but isn't that API an extension-only API?
I don't really see the security problem. Right now there is a popup asking if you want to share your screen, and there is also a permanent warning at the bottom of the screen while the screen is being shared. Also, it is only available on HTTPS sites. What possible security risk is there?
In M35+, the flag will no longer appear. Thus, the only way to get a screen media source (tab, screen, window etc.) in the first place is to use the chooseDesktopMedia API. That will give you a source id to use with the getUserMedia API.
Yes, it requires an extension and that's the way it ought to be. Explicit user-intent, properly sandboxed.
Allowing any website to arbitrarily capture your entire desktop screen (or any application screen) is an enormous security risk that shouldn't be taken lightly, so an extension seems like the right decision.
So basically you're saying that we either need to change the architecture of our app for Chrome so that it is an extension, or else put the screen-sharing part into an extension. (I'm guessing our entire app would need to be an extension, due to 'sandboxing', although I'm not certain). To be honest I'm not sure why we should change to an extension just for Chrome (and just to get screen sharing). It's a bit like telling us we need to rewrite our app in NaCl just for Chrome :)
Ideally I would like a cross-platform screen sharing feature in getUserMedia, similar to how it worked in Chrome (but without the user having to set any flags).
I don't really buy the arguments in http://tools.ietf.org/html/draft-ietf-rtcweb-security-06#sec.... Worst case is a dumb user gives permission to screen share to a dodgy site which then reads their bank balance and/or emails (but can't get access to any passwords). If that's a concern then why not just have a small preview window showing exactly what is being shared?
While you wish to have the easiest user experience (no extension, one click screen share/capture), this is a dangerous problem.
Imagine a malicious website or advertisement that now calls getUserMedia and takes a screencap of your personal email account, bank account or private chat. The user may or may not notice the Chrome notice saying "http://website is sharing your screen" (paraphrased) but even if the user noticed it and pressed "Stop" the damage has already been done. It only takes a fraction of a second for a malicious app to screencap each browser tab.
By Chrome 35, you will no longer have to set any flags, but you will not be able to get the chromeDesktopSource without first going through the chooseDesktopMedia API.
Each time a website wants access to a Desktop Source (screen, tab, or window), it will have to explicitly ask the user for a source and permission via the Chrome dialog.
Does that make more sense now? Hope it helps.
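The flow described in the comments above (an extension gets a source id from chooseDesktopMedia, and the page passes that id to getUserMedia), as an added example that is not part of any comment in this thread and is not Chrome's own code. The origin allowlist, the `get-source-id` message type and the function names are assumptions made for illustration.

```javascript
// Added example: not code from the thread or from Chrome.
// ALLOWED_ORIGINS and the message shape are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed value

// Extension side: ask the user to pick a source on behalf of an allowed page.
// `chromeApi` is the extension's global `chrome` object, passed in so the
// logic can be exercised outside the browser.
function requestSourceId(chromeApi, sender) {
  return new Promise((resolve, reject) => {
    let origin;
    try { origin = new URL(sender.url).origin; } catch (e) { return reject(new Error('bad sender url')); }
    if (!ALLOWED_ORIGINS.has(origin)) {
      return reject(new Error('origin not allowed: ' + origin));
    }
    // Chrome shows its own picker; the id is only usable from the given tab.
    chromeApi.desktopCapture.chooseDesktopMedia(
      ['screen', 'window'], sender.tab,
      (streamId) => {
        // An empty id means the user cancelled the dialog.
        if (!streamId) return reject(new Error('user cancelled'));
        resolve(streamId);
      });
  });
}

// Page side: constraints that turn the source id into a getUserMedia request.
function desktopConstraints(streamId) {
  if (typeof streamId !== 'string' || streamId.length === 0) {
    throw new TypeError('missing source id');
  }
  return {
    audio: false,
    video: { mandatory: { chromeMediaSource: 'desktop', chromeMediaSourceId: streamId } }
  };
}

// Wire-up inside the extension's background script (only runs in Chrome).
if (typeof chrome !== 'undefined' && chrome.runtime && chrome.runtime.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener((msg, sender, sendResponse) => {
    if (!msg || msg.type !== 'get-source-id') return false;
    requestSourceId(chrome, sender)
      .then((id) => sendResponse({ ok: true, sourceId: id }))
      .catch((err) => sendResponse({ ok: false, error: err.message }));
    return true; // keep the channel open for the async response
  });
}
```

Receiving messages from a web page through `onMessageExternal` also requires the page's origin to be listed under `externally_connectable` in the extension manifest.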
Currently there is a prompt every time you request the desktop chromeMediaSource: 'screen' - it says something like 'Allow this web page to share your screen'. It definitely does not just grab your screen automatically with no prior warning.
According to the WebRTC bug report the ONLY way you will now be able to access the desktop is via an extension. Chrome are doing this because they believe there are too many risks in desktop sharing, and even putting a bigger, scarier warning isn't sufficient because many users apparently ignore warnings.