NEW 255651
Add support for the CSP "webrtc" CSP 
https://bugs.webkit.org/show_bug.cgi?id=255651
Summary Add support for the CSP "webrtc" CSP
Robin Berjon
Reported 2023-04-19 04:29:12 PDT
The latest CSP has a `webrtc` directive to control whether WebRTC connections can be established (https://w3c.github.io/webappsec-csp/#directive-webrtc). Supporting this is useful in order to be able to make stronger guarantees that data cannot be exfiltrated.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-04-26 04:30:21 PDT
<rdar://problem/108551702>
Ian Preston
Comment 2 2023-06-15 02:33:35 PDT
We need this in Peergos to run untrusted web apps over private data without the possibility of the app stealing the data. We describe the use case more and link other browser issues here: https://github.com/Peergos/Peergos/issues/1044
youenn fablet
Comment 3 2023-06-15 02:39:34 PDT
Implementation strategy is probably to add some checks at RTCSocketFactory level (created for each peer connection) so that we disable: - any socket traffic - any name resolution
Note You need to log in before you can comment on or make changes to this bug.