W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

Re: webRTC and Content Security Policy connect-src

From: Harald Alvestrand <harald@alvestrand.no>
Date: Wed, 17 Jan 2018 14:20:59 +0100
To: public-webrtc@w3.org
Message-ID: <dccea22a-927b-ae40-1ae8-31e19a30ed00@alvestrand.no>
On 01/17/2018 09:57 AM, Sergio Garcia Murillo wrote:
> On 17/01/2018 1:14, Stephen Farrell wrote:
>> Maybe I'm overly concerned, but there could be significant
>> problems with whitelists in this space acting to further
>> entrench the biggest players generally getting to see or
>> control JS or traffic, even if the web sites didn't really
>> want to have that happen.
>
> While I could agree with this concern, that is a concern for CSP in
> general, not for our switch. I would be more worried if a hosting
> service doesn't allow xmlhttprequest outside their service to enforce
> vendor lock in, but this would be an issue to discuss in CSP list, not
> here.
>
> Best regards
>
> Sergio
>
>
One specific proposal is being discussed here:

https://github.com/w3c/webappsec-csp/pull/287

Somehow this seems both simpler and less useful than I thought it would
be likely to be.

-- 
Surveillance is pervasive. Go Dark.
Received on Wednesday, 17 January 2018 13:21:46 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 17 January 2018 13:21:46 UTC