W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: CSP for WebRTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 5 Sep 2014 22:12:36 -0700
Message-ID: <CABkgnnXav95aarj_WPShtdVMV2bsU5RHOsiWvj2VVceEKpb=WQ@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, WebAppSec WG <public-webappsec@w3.org>
On 3 September 2014 06:32, Mike West <mkwst@google.com> wrote:
> This seems like a good thing to add to the next iteration. I'll file a bug
> to make sure we remember to consider it:
> https://www.w3.org/2011/webappsec/track/issues/67

And here is a follow-up request.

We have some folks working on getting their CSP right for a WebRTC
application and the discussion turned to 'media-src'.  Our initial
take on that was that we didn't think it was particularly interesting
from a site integrity perspective, but this comment suggests that
maybe it's a good idea to provide protection anyway:

That suggests two new keyword-source values for media-src: 'webrtc'
and 'user[-]media'.
Received on Saturday, 6 September 2014 05:13:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:40 UTC