On Fri, Jan 12, 2018 at 10:22 AM T H Panton <thp@westhawk.co.uk> wrote: > > > On 12 Jan 2018, at 18:17, Sergio Garcia Murillo < > sergio.garcia.murillo@gmail.com> wrote: > > > - remote candidates: any remote candidate passed to an PC (either on > the setRemoteDescription or addIceCandidate) not maching an entry on the > whitelist will be discarded > > You've just disabled P2P in webrtc. > Can a p2p endpoint have a whitelisted domain? If yes, then you can put it in a remote candidate and it will work. But then why do you need p2p in the first place? If no, then CSP says you can't connect to it. But then CSP is inherently incompatible with p2p. > Unless you get lucky and peer-reflexive happens to work, which it won't if > both sides have the same CSP poilicy. > > Hmmm.... I forgot about peer-reflexive candidates. Those would allow JS to send data out by creating a PeerConnection, gathering STUN candidates along with ICE ufrag/pwd (even with a whitelisted STUN server), send those candidates to a controlled server, send an ICE check from the server to the client, and get the client connect back. Which means whitelisted domain candidates wouldn't be enough. You'd also have to disable peer reflexive candidates.
Received on Friday, 12 January 2018 21:39:38 UTC