Commit
Merge pull request #81 from zenhack/csp-integration
Add a CSP check to RTCPeerConnection.addIceCandidate().
jan-ivar authored Jun 15, 2022
2 parents 9729971 + acab467 commit cfd1425
Showing 1 changed file with 39 additions and 15 deletions.
54 changes: 39 additions & 15 deletions index.html
Expand Up @@ -95,6 +95,30 @@ <h3>RTP header control</h3>
</p>
</section>
</section>
<section id="rtcpeerconnection-interface">
<h3>
{{RTCPeerConnection}} extensions
</h3>
<p>
The {{RTCPeerConnection}} interface is defined in [[WEBRTC]]. This document
extends that interface by using Content-Security-Policy for ICE candidate
filtering.
</p>
<section>
<h2>Modifications to existing procedures</h2>

<p>Append the following paragraph to the
<a data-cite="WEBRTC#dfn-administratively-prohibited">administratively prohibited</a>
algorithm:</p>

<p>If <a data-cite="CSP#should-block-rtc-connection">
should RTC connections be blocked for global?</a> with the
[=relevant global object=] of the {{RTCPeerConnection}} object in question
returns `"Blocked"`, then all candidates MUST be <a
data-cite="WEBRTC#dfn-administratively-prohibited">
administratively prohibited</a>.</p>
</section>
</section>
<section id="rtcrtptransceiver-interface">
<h3>
{{RTCRtpTransceiver}} extensions
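Review bot: The appended paragraph ending "then all candidates MUST be administratively prohibited" does not say which candidates it covers. The commit title scopes the change to RTCPeerConnection.addIceCandidate(), but the text modifies the shared administratively prohibited algorithm, so state explicitly whether the rule applies only to remote candidates passed to addIceCandidate() or to every place that algorithm is invoked. It would also help to say that the CSP check is made each time the algorithm runs, so a reader does not have to infer when the policy is consulted.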
Expand All @@ -109,7 +133,7 @@ <h3>
partial dictionary RTCRtpHeaderExtensionCapability {
RTCRtpTransceiverDirection direction = "sendrecv";
};

partial interface RTCRtpTransceiver {
undefined setOfferedRtpHeaderExtensions(
sequence&lt;RTCRtpHeaderExtensionCapability&gt; headerExtensionsToOffer);
Expand Down Expand Up @@ -422,7 +446,7 @@ <h2>Dictionary {{RTCRtpEncodingParameters}} Members</h2>
<div class="issue atrisk">
<p>
{{RTCRtpEncodingParameters/ptime}} was moved from [[WEBRTC]] to
this specification due to lack of support from implementers. It is
this specification due to lack of support from implementers. It is
therefore marked as a feature at risk.
</p>
</div>
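Review bot: The only changed line in this hunk, "this specification due to lack of support from implementers. It is", reads identically before and after, so the change appears to be whitespace-only, and the same pattern repeats in later hunks of this commit. Consider moving the whitespace cleanup to its own commit so the normative CSP change is easier to review and bisect.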
Expand Down Expand Up @@ -802,7 +826,7 @@ <h3>Removed features</h3>
This section documents features that were moved from [[WEBRTC]] to this extension
specification due to lack of support from implementers.
</p>
<section id="rtcpeerconnection-interface">
<section id="removed-rtcpeerconnection-features">
<h3>
{{RTCPeerConnection}} extensions
</h3>
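Review bot: Renaming this section's id to "removed-rtcpeerconnection-features" frees "rtcpeerconnection-interface", which the first hunk then assigns to the new CSP section, so any existing link to #rtcpeerconnection-interface will silently resolve to different content instead of breaking visibly. Check in-document and external references to the old fragment, and consider giving the new section a fresh id rather than reusing this one.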
Expand Down Expand Up @@ -949,7 +973,7 @@ <h3>
<div class="issue atrisk">
<p>
The {{RTCOAuthCredential}} dictionary was moved from [[WEBRTC]] to
this specification due to lack of support from implementers. It is
this specification due to lack of support from implementers. It is
therefore marked as a feature at risk.
</p>
</div>
Expand Down Expand Up @@ -1082,12 +1106,12 @@ <h2>Dictionary {{RTCIceServer}} Members</h2>
<p>An example array of {{RTCIceServer}} objects is:</p>
<pre class="example highlight">
<code>{
urls: 'turns:turn2.example.net',
username: '22BIjxU93h/IgwEb',
credential: {
macKey: 'WmtzanB3ZW9peFhtdm42NzUzNG0=',
accessToken: 'AAwg3kPHWPfvk9bDFL936wYvkoctMADzQ5VhNDgeMR3+ZlZ35byg972fW8QjpEl7bx91YLBPFsIhsxloWcXPhA=='
},
urls: 'turns:turn2.example.net',
username: '22BIjxU93h/IgwEb',
credential: {
macKey: 'WmtzanB3ZW9peFhtdm42NzUzNG0=',
accessToken: 'AAwg3kPHWPfvk9bDFL936wYvkoctMADzQ5VhNDgeMR3+ZlZ35byg972fW8QjpEl7bx91YLBPFsIhsxloWcXPhA=='
},
credentialType: 'oauth'
}</code></pre>
</section>
Expand Down Expand Up @@ -1119,7 +1143,7 @@ <h3>
<div class="issue atrisk">
<p>
{{RTCRtpSynchronizationSource/voiceActivityFlag}} was moved from [[WEBRTC]] to
this specification due to lack of support from implementers. It is therefore
this specification due to lack of support from implementers. It is therefore
marked as a feature at risk.
</p>
</div>
Expand All @@ -1130,7 +1154,7 @@ <h3>
<section class="informative">
<h2>
Security Considerations
</h2>
</h2>
<p>
This section is non-normative; it specifies no new behaviour.
The overall security considerations of the general set
Expand All @@ -1154,14 +1178,14 @@ <h2>
<p>
This document defines extensions for encryption of RTP Header Extensions which
improve the confidentiality of communications by encrypting header extension
IDs, as well as CSRCs.
IDs, as well as CSRCs.
</p>
</section>
</section>
<section class="informative">
<h2>
Privacy Considerations
</h2>
</h2>
<p>
This section is non-normative; it specifies no new behaviour.
</p>
Expand All @@ -1172,7 +1196,7 @@ <h2>
<p>
The extensions defined in this document do not reveal additional
information on IP addresses beyond that already described in
[[WEBRTC]] Section 13.2.
[[WEBRTC]] Section 13.2.
</p>
</section>
<section>