Re: Sandboxing usage of RTCPeerConnection? from Eric Rescorla on 2015-08-17 (public-webrtc@w3.org from August 2015)

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 17 Aug 2015 06:21:45 -0700
To: Dominique Hazael-Massieux <dom@w3.org>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <CABcZeBPdgEjD06oODE44k7wpkYERebpQbb-SB8s1JWjhgK+ByQ@mail.gmail.com>

Well, I don't see a problem with a change in behavior that only takes
effect when
a CSP directive is set...

-Ekr


On Mon, Aug 17, 2015 at 6:17 AM, Dominique Hazael-Massieux <dom@w3.org>
wrote:

> On 17/08/2015 15:15, Eric Rescorla wrote:
>
>>     How about a CSP directive that enables RTCPeerConnection for
>>     embedded contexts from specific origins and defaults to false for
>>     other than self?
>>
>>
>> Seems like a question for WebAppSec. It's not like this is the only
>> thing that's
>> problematic in IFRAMEs
>>
>
> I'm happy to take the question to WebAppSec, but it would probably be
> useful to understand first if the group who owns WebRTC would be
> comfortable with such a policy change :)
>
> Dom
>

Received on Monday, 17 August 2015 13:22:52 UTC