- From: Ian Denhardt via GitHub <sysbot+gh@w3.org>
- Date: Thu, 21 Jan 2021 20:39:24 +0000
- To: public-webrtc-logs@w3.org
Sure! This is in the context of [Sandstorm][1]. Basically, it's a platform for self-hosting web apps, and we don't want apps to be able to "phone home" to app developers without the consent of the user -- so on the server side apps are containerized and not given network access, and in the browser we use Content-Security-Policy to block most ways an app could contact the outside world (there's currently no way to do this for webrtc, which I'm trying to help solve in https://github.com/w3c/webappsec-csp/pull/457). We also run the app's page itself from a separate origin than the Sandstorm UI, inside of an iframe, with the Sandstorm UI around it. You can get a feel for it at <https://demo.sandstorm.io>. The iframe has the unfortunate consequence that apps can't request access to mic & camera directly. So, I'd like to provide a way through which apps could request this access (and also controlled use of the networking portions of webrtc) from Sandstorm itself via a postMessage() API; we already use this mechanism for requesting access to server-provided resources, so it would be a natural extension: https://docs.sandstorm.io/en/latest/developing/powerbox/ With that in place, Sandstorm can request access to resources from the browser itself, and then mediate apps' access to them. Note that if/when the CSP change is implemented, Sandstorm itself can still create webrtc connections, since it is served from a different origin than the apps, with a different (more relaxed) CSP. [1]: https://sandstorm.io/ -- GitHub Notification of comment by zenhack Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/issues/64#issuecomment-764922669 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 21 January 2021 20:39:31 UTC