Re: webRTC and Content Security Policy connect-src

On 01/17/2018 09:57 AM, Sergio Garcia Murillo wrote:
> On 17/01/2018 1:14, Stephen Farrell wrote:
>> Maybe I'm overly concerned, but there could be significant
>> problems with whitelists in this space acting to further
>> entrench the biggest players generally getting to see or
>> control JS or traffic, even if the web sites didn't really
>> want to have that happen.
>
> While I could agree with this concern, that is a concern for CSP in
> general, not for our switch. I would be more worried if a hosting
> service doesn't allow xmlhttprequest outside their service to enforce
> vendor lock in, but this would be an issue to discuss in CSP list, not
> here.
>
> Best regards
>
> Sergio
>
>
One specific proposal is being discussed here:

https://github.com/w3c/webappsec-csp/pull/287

Somehow this seems both simpler and less useful than I thought it would
be likely to be.

-- 
Surveillance is pervasive. Go Dark.

Received on Wednesday, 17 January 2018 13:21:46 UTC