W3C home > Mailing lists > Public > public-webrtc@w3.org > August 2014

Extending content security policy for WebRTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 29 Aug 2014 11:07:19 -0700
Message-ID: <CABkgnnX5M-5YtXo6RZWyPasx82t62MyAXFfDPiT_fgTcW+3-wQ@mail.gmail.com>
To: "public-webrtc@w3.org" <public-webrtc@w3.org>
FYI, I've asked the webappsec group to consider extending their
connect-src directive to allow sites to control whether WebRTC data
channels are permitted.  The connect-src directive covers websockets
and HTTP fetch, so this seemed logical, though WebRTC won't allow a
fine-grained, origin-based control.

Received on Friday, 29 August 2014 18:07:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:00 UTC