Why does the microphone silently fail when I embed a chatbot widget in an iframe?
By default, iframes cannot access the microphone because it's a powerful capability that poses security and privacy risks. The host page must send an explicit Permissions-Policy: microphone=(self "https://example.com") header or the iframe must open a same-origin popup. MDN Permissions-Policy reference explains the header format in detail.
How does ChatNexus handle microphone access in embedded widgets?
The flow is: widget iframe detects Permissions-Policy block β opens popup to https://chatnexus.cloud/widget/{agentUuid}/voice (same-origin) β popup gains mic permission because it's not cross-origin β popup streams audio to Redis β widget fetches audio from Redis over HTTPS. This avoids asking your host page to change HTTP headers and keeps voice data inside ChatNexus infrastructure.
Do I need to configure Permissions-Policy headers if I use ChatNexus voice?
If you want voice input to work directly inside the widget iframe (without the popup), you would need to send a Permissions-Policy header from your domain. But ChatNexus's default voice mode uses the popup, which requires no host-page changes. W3C Permissions Policy spec covers the header syntax if you decide to implement it yourself.
What's the minimum audio clip length for voice input?
This threshold balances user experience (quick queries work) with accuracy (eliminates single-syllable false positives). Clips under 800ms of detected speech do not activate recording, and clips shorter than 1.5 seconds total are discarded before being sent to the Whisper API.
Which browsers support the ChatNexus voice popup flow?
The voice popup is a standard JavaScript window that requests mic permission the same way any website would. Since it's a same-origin request from chatnexus.cloud to chatnexus.cloud, no Permissions-Policy tricks are needed. Mobile Safari and mobile Chrome also support this, though iOS and Android may show their own permission prompts.