Re: [webrtc-extensions] Add a CSP check to RTCPeerConnection.constructor(). (#81) from Paul Rumkin via GitHub on 2021-06-30 (public-webrtc-logs@w3.org from June 2021)

From: Paul Rumkin via GitHub <sysbot+gh@w3.org>
Date: Wed, 30 Jun 2021 16:41:13 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-871563136-1625071271-sysbot+gh@w3.org>

From the perspective of Sandstorm and reliable sandboxing, there should be 'service-worker-src' directive to allow workers and shared workers to be provided by third party and service worker provided only by trusted source. This is because of ability to service worker to override security headers and thus to escape from the sandbox.

-- 
GitHub Notification of comment by rumkin
Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/pull/81#issuecomment-871563136 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 30 June 2021 16:41:15 UTC