- From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
- Date: Fri, 19 Jan 2018 08:20:39 +0000
- To: public-webrtc@w3.org
alvestrand has just created a new issue for https://github.com/w3c/webrtc-pc: == Integrate CSP access control into algorithms == If https://github.com/w3c/webappsec-csp/pull/287 lands in the CSP spec, the webrtc spec should specify where and how this access is checked. As per comment in that thread, suggestion: The following situations are to be checked according to this directive: * A host URL occurs in the list of RTCIceServers of an RTCConfiguration when a PeerConnection is created. In this case, the PeerConnection creation will fail. * A host URL occurs in the list of RTCIceServers of an RTCConfiguration when a PeerConnection's setConfiguration method is called. In this case, setting the configuration will fail. * An address occurs in the ip, protocol and port fields of an RTCIceCandidate created from SetRemoteDescription or AddIceCandidate. In this case, the call will be rejected. And perhaps a note of caution, something like: "Due to the problem of listing all possible communication partners for a WebRTC application, the "*" value is likely to be the most useful value to set as the value of the "webrtc-src" directive". Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1742 using your GitHub account
Received on Friday, 19 January 2018 08:20:41 UTC