When it comes to playing a stream protected with DRM, the decryption is directly handled by the browser through a component called the CDM (Content Decryption Module). The video player access this module via the EME (Encrypted Media Extension) API.
Since the version 58 of Chrome (2017), Google have set some news rules regarding playback of protected streams in their Chrome browser. Chrome no longer allows the usage of this API, and other APIs as well, over “insecure contexts”, which means that the web page where the player is hosted, as well as the stream itself has to be delivered via HTTPS, otherwise Chrome will not enable the EME API and the playback of protected content will then not be performed.
Firefox will be most likely be the next browser who enforces HTTPS for playing DRM protected content, as it already states a warning the debug console, that HTTPS will be required “soon”.
While this restriction doesn’t apply to all browsers yet, sooner or later they will follow the example of Chrome, in order enforce a more secure content delivery.