Changes between Initial Version and Version 1 of Ticket #4455, comment 17


Ignore:
Timestamp:
02/20/2017 11:24:44 AM (3 years ago)
Author:
sebastian
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #4455, comment 17

    initial v1  
    1 So you are talking about comment:8, where you suggest to wrap the Web RTC API, like we did for the WebSocket API, but with a different request type? IIRC, as we did that for WebSockets, it didn't take long until people discovered a way to bypass our wrapper, by initiating the connection from a document loaded through a `data:` URL, web workers and alike. Won't we have the same problem with Web RTC? Could we perhaps also leverage CSP to block Web RTC connections? 
     1So you are talking about comment:8, where you suggest to wrap the Web RTC API, like we did for the WebSocket API, but with a different request type? IIRC, as we did that for WebSockets, it didn't take long until people discovered a way to bypass our wrapper, by initiating the connection from a document loaded through a `data:` URL, web workers and alike. Won't we have the same problem with Web RTC? Is it possible to leverage CSP to address that? 
    22 
    33Also, is there any reason the `webRequest` API cannot intercept Web RTC connections, other than they just forgot to implement it like they did for WebSockets? It might be worth filing a Chromium bug.