Changes in Web MIDI API in Chrome in 2019
What to do to make sure your app will still work
If you’ve been playing with Web MIDI API recently you might have seen the new warning that appears every time you run
[Deprecation] Web MIDI will ask a permission to use even if the sysex is not specified in the MIDIOptions since M75, around June 2019. See https://www.chromestatus.com/feature/5138066234671104 for more details.
What is sysex?
Sysex is an abbreviation for System Exclusive Messages. These are special type of messages that let you configure your MIDI device. Some synthesizers accepts uses as a configuration protocol, it allows to configure them or upload the patches to their memory.
Because these operations are usually persistent and can reconfigure the device, Chrome was always asking user for permission to perform such actions. Now Chrome will explicitly require user to grant permissions even if we do not use sysex.
Should I worry?
The change is not included in M75 and M76 (the latest version at the time of writing) but it will probably land in Chrome eventually. If you have a project that uses Web MIDI API you will have to do the following:
- Make sure you serve your page over HTTPS
- Make sure you provide a good experience when user does not allow MIDI to be used
Serving over HTTPS
Because Web MIDI API will now ask for permissions, any app using it will have to be served over HTTPS. Chrome’s permission requiring feature is available only on secure origins so effectively only on these the MIDI API will be allowed.
Secure origin is any page that follows one of the following formats:
(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, — )
(chrome-extension, *, — )
This means you can still use Web MIDI API in Chrome Extensions, on pages server over HTTPS and when developing locally. On the rest it won’t work and the promise returned by
navigator.requestMIDIAccess will get rejected with
DOMException: An attempt was made to break through the security policy of the user agent.
Provide good user experience when user rejects access
Before, you didn’t have to care about user rejecting access to the MIDI interface. Now it can happen, so it would be good to react when it happens. If access to MIDI is not vital for you app to work, it would be great to allow users to access all other functionality. If the MIDI access is fundamental for your app to work, it would be great to inform users why is so and allow them to retrigger the permission dialog.