Bug 255651

Summary: Add support for the CSP "webrtc" CSP
Product: WebKit Reporter: Robin Berjon <robin>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: achristensen, beidson, bfulgham, ianopolous, philn, rego, rreno, webkit-bug-importer, wilander, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Robin Berjon 2023-04-19 04:29:12 PDT 
The latest CSP has a `webrtc` directive to control whether WebRTC connections can be established (https://w3c.github.io/webappsec-csp/#directive-webrtc).

Supporting this is useful in order to be able to make stronger guarantees that data cannot be exfiltrated.
Comment 1 Radar WebKit Bug Importer 2023-04-26 04:30:21 PDT 
<rdar://problem/108551702>
Comment 2 Ian Preston 2023-06-15 02:33:35 PDT 
We need this in Peergos to run untrusted web apps over private data without the possibility of the app stealing the data. 

We describe the use case more and link other browser issues here: https://github.com/Peergos/Peergos/issues/1044
Comment 3 youenn fablet 2023-06-15 02:39:34 PDT 
Implementation strategy is probably to add some checks at RTCSocketFactory level (created for each peer connection) so that we disable:
- any socket traffic
- any name resolution