Extending content security policy for WebRTC from Martin Thomson on 2014-08-29 (public-webrtc@w3.org from August 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 29 Aug 2014 11:07:19 -0700
To: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CABkgnnX5M-5YtXo6RZWyPasx82t62MyAXFfDPiT_fgTcW+3-wQ@mail.gmail.com>

FYI, I've asked the webappsec group to consider extending their
connect-src directive to allow sites to control whether WebRTC data
channels are permitted.  The connect-src directive covers websockets
and HTTP fetch, so this seemed logical, though WebRTC won't allow a
fine-grained, origin-based control.

http://lists.w3.org/Archives/Public/public-webappsec/2014Aug/0162.html

Received on Friday, 29 August 2014 18:07:51 UTC