W3C home > Mailing lists > Public > public-webrtc@w3.org > August 2015

Re: Sandboxing usage of RTCPeerConnection?

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 17 Aug 2015 06:33:59 -0700
Message-ID: <CABcZeBNq5e-xU0ZqdyXXTzqgFmdTTzRjiFdMiR+1q6MgT5+n2g@mail.gmail.com>
To: Dominique Hazael-Massieux <dom@w3.org>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On Mon, Aug 17, 2015 at 6:28 AM, Dominique Hazael-Massieux <dom@w3.org>
wrote:

> On 17/08/2015 15:21, Eric Rescorla wrote:
>
>> Well, I don't see a problem with a change in behavior that only takes
>> effect when
>> a CSP directive is set...
>>
>
> Do you see a problem with making that behavior (i.e. disabling
> RTCPeerConnection on third party embedded context) the default even if no
> CSP directive is set (and only use CSP to make it more lax)?
>

That seems to violate the general philosophy of CSP (at least when I was
involved)
that CSP was a belt-and-suspenders mechanism. In addition, I think we would
need to ask what currently valid code it would break.

-Ekr
Received on Monday, 17 August 2015 13:35:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:45 UTC