Introduce 'webrtc' as a simple on/off switch

[zenhack]

This builds on #287; I've merged in changes from master and then changed the description so that this is a simple on-off switch with * allowing anything and 'none' denying everything.

The original PR had at least one TODO in there that I haven't yet tackled, so this is definitely still in the "starting point for discussion" phase.

PTAL

---

(2022-02-14): For folks not wanting to wade through over a year worth of comments, a summary of things that we ended up settling on:

• The directive's name changed from webrtc-src to webrtc, and we don't inherit from any other directive due to compatibility considerations.
• The accepted values are 'allow' and 'block', rather than * and 'none'
• In the companion pr at Add a CSP check to RTCPeerConnection.addIceCandidate(). webrtc-extensions#81, we integrate this with webrtc in the definition of "administratively prohibited."

---

Preview | Diff

[zenhack]

The CI has pointed out that I need to sign off on some licensing stuff. I'm not affiliated with any relevant organization, so probably this case applies:

Otherwise, the WG’s team contacts will request the contributors to sign the non-participant licensing commitments

how do I go about this?

[mozfreddyb]

The CI has pointed out that I need to sign off on some licensing stuff. I'm not affiliated with any relevant organization, so probably this case applies:

Otherwise, the WG’s team contacts will request the contributors to sign the non-participant licensing commitments

how do I go about this?

Paging @samuelweiler, can you help with this?

[samuelweiler]

The CI has pointed out that I need to sign off on some licensing stuff. I'm not affiliated with any relevant organization, so probably this case applies:

Otherwise, the WG’s team contacts will request the contributors to sign the non-participant licensing commitments

how do I go about this?

Paging @samuelweiler, can you help with this?

@zenhack Thanks for asking. It's a multi-stage process, but it's also easy.

1. Create a w3c account, if you don't have one already.
2. Then connect your W3C & GitHub accounts.
3. Lastly, make the appropriate IPR commitment.

[zenhack]

I went through the process re: IPR, invited expert application is pending, thanks.

@mozfreddyb, could you also weigh in on the telemetry question?

[samuelweiler]

@zenhack I was apparently somewhat wrong about the process - or at least the links; you don't need to become an IE to do this. You should now have an email with the proper form.

[zenhack]

Quoting Samuel Weiler (2021-01-25 17:56:26)

@zenhack I was apparently somewhat wrong about the process - or at least the links; you don't need to become an IE to do this. You should now have an email with the proper form.

Yep, got it, and filled it out. Thanks.

…

-Ian

[zenhack]

The one big TODO still left is the integration section. My current thinking is that the constructor for RTCPeerConnection should call into the procedure specified here, before doing much of anything else. So this would probably affect this section of the spec:

https://www.w3.org/TR/webrtc/#constructor

afaik there are no other entry points that would need to be blocked. Thoughts?

[annevk]

If you block the constructor you'll also block postMessage() of it, right?

[zenhack]

Hm, that hadn't specifically been my intent, is it a corollary of some detail of how object transfer works that I'm unaware of?

Note that the discussion in w3c/mediacapture-extensions#16 (comment) is about transferring MediaStreamTrack, not RTCPeerConnection, so you wouldn't be able to postMessage() the RTCPeerConnection itself anyway, only tracks obtained from it.

Note that there's some suggestion of making RTCDataChannel transferrable as well:

w3c/webrtc-extensions#6

[sideshowbarker]

@annevk If this is merged, will that resolve #92?

[annevk]

I think so, even though it would be opt-in. We should try to avoid that with WebTransport.

[mikewest]

I was assuming Web Transport would tie into connect-src, just like web sockets?

[mikewest]

Also, this kind of thing still seems reasonable to me, but cc @antosart to evaluate this from Chromium's perspective.

[martinthomson]

¯\_(ツ)_/¯

[zenhack]

Ok, so I think we're just waiting on @annevk now.

[annevk]

Thank you @zenhack for your tireless efforts on fixing this gap in the web platform. It's unfortunate this is the best we can do due to web compatibility, but that's still a lot better than doing nothing at all.

I think it's worth updating #457 (comment) to explain the setup we ended up with.

This as well w3c/webrtc-extensions#81 look good to me.

Is there a web-platform-tests PR as well?

[zenhack]

Quoting Anne van Kesteren (2022-02-14 08:46:11)

I think it's worth updating [2]#457 (comment) to explain the setup we ended up with.

Done.

Is there a web-platform-tests PR as well?

There is not. I guess that's the next step then?

…

-Ian

[annevk]

@antosart can clarify that, but I would recommend at least writing some basic tests to ensure everyone is on the same page.

[antosart]

Yes, right. It would be great to have a basic web platform test before merging this one.

[zenhack]

Opened web-platform-tests/wpt#32914; could use feedback.

[annevk]

Thanks! It seems like that would be best reviewed by @alvestrand or @jan-ivar or someone of their choosing. Like @antosart I'm not familiar enough with WebRTC testing.

[youennf]

WPT test in web-platform-tests/wpt#32914 seems ready to land.
Can we merge this PR?

[jamesrez]

Can someone merge this please? I need this today. Thanks

[jan-ivar]

I don't have merge access in this repo, but I just merged the wpt this depended on, so maybe someone else can do the honors?

[antosart]

It is good to merge for me. Could you just fix a few stylistic nits? (I would have done it myself, but I have no edit rights on your repo). Thanks!

[antosart]

nit:

  "`Blocked`".

(swap " and .)

[antosart]

nit:

 `null`

(with backquotes)

[antosart]

nit: Pre-connect for consistency.

[antosart]

nit:

 "`Allowed`".

(with backquotes, and dot at the end).

[annevk]

@antosart weirdly enough I do have push access so I made the requested changes + one bonus.

[antosart]

Ok, then let's merge it.