W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2018

[webrtc-pc] Integrate CSP access control into algorithms

From: Harald Alvestrand via GitHub <sysbot+gh@w3.org>
Date: Fri, 19 Jan 2018 08:20:39 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-289895352-1516350037-sysbot+gh@w3.org>
alvestrand has just created a new issue for https://github.com/w3c/webrtc-pc:

== Integrate CSP access control into algorithms ==
If https://github.com/w3c/webappsec-csp/pull/287 lands in the CSP spec, the webrtc spec should specify where and how this access is checked.

As per comment in that thread, suggestion:

The following situations are to be checked according to this directive:

* A host URL occurs in the list of RTCIceServers of an RTCConfiguration when a PeerConnection is created. In this case, the PeerConnection creation will fail.
* A host URL occurs in the list of RTCIceServers of an RTCConfiguration when a PeerConnection's setConfiguration method is called. In this case, setting the configuration will fail.
* An address occurs in the ip, protocol and port fields of an RTCIceCandidate created from SetRemoteDescription or AddIceCandidate. In this case, the call will be rejected.

And perhaps a note of caution, something like: "Due to the problem of listing all possible communication partners for a WebRTC application, the "*" value is likely to be the most useful value to set as the value of the "webrtc-src" directive".


Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1742 using your GitHub account
Received on Friday, 19 January 2018 08:20:41 UTC

This archive was generated by hypermail 2.3.1 : Friday, 19 January 2018 08:20:43 UTC