Bug 255651
| Summary: | Add support for the CSP "webrtc" CSP | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Robin Berjon <robin> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, beidson, bfulgham, ianopolous, philn, rego, rreno, webkit-bug-importer, wilander, youennf |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Robin Berjon
The latest CSP has a `webrtc` directive to control whether WebRTC connections can be established (https://w3c.github.io/webappsec-csp/#directive-webrtc).
Supporting this is useful in order to be able to make stronger guarantees that data cannot be exfiltrated.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/108551702>
Ian Preston
We need this in Peergos to run untrusted web apps over private data without the possibility of the app stealing the data.
We describe the use case more and link other browser issues here: https://github.com/Peergos/Peergos/issues/1044
youenn fablet
Implementation strategy is probably to add some checks at RTCSocketFactory level (created for each peer connection) so that we disable:
- any socket traffic
- any name resolution