Re: [webrtc-extensions] Add a CSP check to RTCPeerConnection.addIceCandidate(). (#81) from Anne van Kesteren via GitHub on 2021-11-25 (public-webrtc-logs@w3.org from November 2021)

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Thu, 25 Nov 2021 08:47:56 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-978964563-1637830075-sysbot+gh@w3.org>

The port restrictions apply to all connections, yes. Not all ports are blocked though. Are you suggesting there are code paths specifically for non-blocked ports? That sounds rather wonky.

It's not clear to me we want to reveal the CSP restrictions directly to a potential attacker. If the website wanted to convey its CSP policy it can already, right?

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/pull/81#issuecomment-978964563 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 25 November 2021 08:47:59 UTC