Javascript
Web development

User Gesture Restricted Web APIs

API can only be initiated by a user gesture — what does this error mean, and how can you fix it?

ByAnna Azzam
Published on

When dealing with Web APIs, you come across this error:

API can only be initiated by a user gesture

Why does this error happen, and what exactly does it mean?

Why does this happen?

This error means that the API which you are trying to call cannot just be called in your code, it needs to be initiated by a user gesture.

Let’s use the Fullscreen API as an example. This Web API has a method Element.requestFullscreen() which places the target element and the entire browser’s web page into fullscreen mode.

Below is an example of calling requestFullscreen as soon as the page loads:

window.addEventListener("DOMContentLoaded", (event) => {
  document.body.requestFullscreen();
});

This code will not work, as the action is not initiated by a user gesture. This limitation is applied so that you cannot force a website to display in fullscreen mode — you can only enter fullscreen mode via a user gesture or action.

The primary reason behind this limitation is for security reasons — imagine if videos could automatically play without you choosing to play them, or malicious websites could take your entire screen as soon as you visit the webpage. Restricting these API methods to user gestures ensures that they are intended by the user.

What should I do instead?

To fix this type of error, the API method needs to be called in the event listener for a user action, such as a click orkeydown event.

Here’s an example where we are calling requestFullscreen once a button is clicked to fix our error above:

window.addEventListener("DOMContentLoaded", (event) => {
  const button = document.getElementById("btn");
  button.addEventListener("click", () => {
    document.body.requestFullscreen();
  });
});

Valid user gestures include:

  • change
  • click
  • contextmenu
  • dblclick
  • mouseup
  • pointerup
  • reset
  • submit
  • touchend

Events such as mousemove or mouseenter are not valid user gestures.

Conclusion

In conclusion, for security reasons, browsers prevent certain scripts from running unless triggered by a user action. This applies to methods other than Fullscreen as well, such as playing video or audio via HTMLMediaElement.play().

Hope this helped!

Enjoyed this article?

Share it with your network to help others discover it

LinkedIn logo for sharing a link
Twitter logo for sharing a linkReddit logo for sharing a link

Continue Learning

Discover more articles on similar topics

How to Convert a Date String to Timestamp in JavaScript?

Different ways of converting a date string to a timestamp in JavaScript.

JavascriptTimestamp

A Guide to Nested Promises, Anti-Pattern, and Alternatives

JavascriptPromiseAsync

SurveyJS: Why It Is Better Than Your Average JavaScript Survey Library

5 ways in which SurveyJS, a free and open-source library, does so much more than just build surveys.

JavascriptSurveysSurveyjs

The Best (and Worst way) of Solving the Palindrome Algorithm Question

The palindrome question does a great job testing developer’s basic understanding of how to manipulate a string.

Software developmentSoftware engineeringAlgorithms

How to Find String Index in JavaScript

JavascriptStringIndexof

Preventing Regular Expression Backtracking in JavaScript

JavascriptRegex