Extending content security policy for WebRTC

FYI, I've asked the webappsec group to consider extending their
connect-src directive to allow sites to control whether WebRTC data
channels are permitted.  The connect-src directive covers websockets
and HTTP fetch, so this seemed logical, though WebRTC won't allow a
fine-grained, origin-based control.


Received on Friday, 29 August 2014 18:07:51 UTC