From 9375e0fcfc31135676a94ba27aefefcab1310b5c Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Sun, 30 May 2021 14:37:38 -0400 Subject: [PATCH 01/12] Add a CSP check to RTCPeerConnection.constructor(). Corresponding change to CSP spec: https://github.com/w3c/webappsec-csp/pull/457 --- index.html | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index 63cf96e..a36d995 100644 --- a/index.html +++ b/index.html @@ -101,7 +101,8 @@

The {{RTCPeerConnection}} interface is defined in [[WEBRTC]]. This document extends that interface - by adding an additional static method. + by adding an additional static method, and adding a Content-Security-Policy + check to the constructor.

partial interface RTCPeerConnection {
   static sequence<RTCIceServer> getDefaultIceServers();
@@ -139,6 +140,13 @@ 

Methods

+
+

Modifications to existing procedures

+ +

In the Constructor algorithm, + add a step right before step 2 saying "Run [[WEBAPPSEC-CSP#should-block-rtc-connection]] + on the current global object. Throw a {{NotAllowedError}} if it returns `Blocked`."

+

From 256fd09f1eae360b9e82ae0244b23e0c061d25c4 Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Tue, 1 Jun 2021 16:03:13 -0400 Subject: [PATCH 02/12] Avoid referencing step numbers. Co-authored-by: Jan-Ivar Bruaroey --- index.html | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index a36d995..d0205a2 100644 --- a/index.html +++ b/index.html @@ -143,9 +143,15 @@

Methods

Modifications to existing procedures

-

In the Constructor algorithm, - add a step right before step 2 saying "Run [[WEBAPPSEC-CSP#should-block-rtc-connection]] - on the current global object. Throw a {{NotAllowedError}} if it returns `Blocked`."

+

Whenever the RTCPeerConnection constructor + algorithm is invoked, run the following steps instead: +

    +
  1. If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global object returns "Blocked", + throw a {{NotAllowedError}}."
  2. +
  3. Return the result of running the original + RTCPeerConnection constructor algorithm.
  4. +
+

From 99fcce0c82000e5d7b3ec6417a8259fa92e8c93f Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Wed, 2 Jun 2021 12:14:28 -0400 Subject: [PATCH 03/12] Link to #constructor rather than #dom-peerconnection --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index d0205a2..29f4927 100644 --- a/index.html +++ b/index.html @@ -143,13 +143,13 @@

Methods

Modifications to existing procedures

-

Whenever the RTCPeerConnection constructor +

Whenever the RTCPeerConnection constructor algorithm is invoked, run the following steps instead:

  1. If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global object returns "Blocked", throw a {{NotAllowedError}}."
  2. Return the result of running the original - RTCPeerConnection constructor algorithm.
  3. + RTCPeerConnection constructor algorithm.

From c63021b69bc1a302e7c3d66453eee160d901a196 Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Wed, 2 Jun 2021 12:16:57 -0400 Subject: [PATCH 04/12] Throw SecurityError instead of NotAllowedError --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 29f4927..60de394 100644 --- a/index.html +++ b/index.html @@ -147,7 +147,7 @@

Modifications to existing procedures

algorithm is invoked, run the following steps instead:
  1. If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global object returns "Blocked", - throw a {{NotAllowedError}}."
  2. + throw a {{SecurityError}}."
  3. Return the result of running the original RTCPeerConnection constructor algorithm.
From 49df482ebc74bd73bd434b275ec8f93bcd715d5d Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Sun, 3 Oct 2021 16:03:39 -0400 Subject: [PATCH 05/12] Change CSP extension to use administrative prohibiting As discussed on the pr. --- index.html | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/index.html b/index.html index dfb7553..da126b5 100644 --- a/index.html +++ b/index.html @@ -101,8 +101,8 @@

The {{RTCPeerConnection}} interface is defined in [[WEBRTC]]. This document extends that interface - by adding an additional static method, and adding a Content-Security-Policy - check to the constructor. + by adding an additional static method, and using Content-Security-Policy + for ICE candidate filtering.

partial interface RTCPeerConnection {
   static sequence<RTCIceServer> getDefaultIceServers();
@@ -143,15 +143,11 @@ 

Methods

Modifications to existing procedures

-

Whenever the RTCPeerConnection constructor - algorithm is invoked, run the following steps instead: -

    -
  1. If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global object returns "Blocked", - throw a {{SecurityError}}."
  2. -
  3. Return the result of running the original - RTCPeerConnection constructor algorithm.
  4. -
-

+

Append the following paragraph to the description of + RTCPeerConnection.addIceCandidate:

+ +

If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global + object returns "Blocked", all candidates MUST be prohibited.

From 5136f5cad82bcd185f9f742e46913a5ff8ba76fa Mon Sep 17 00:00:00 2001 From: Jan-Ivar Bruaroey Date: Fri, 8 Oct 2021 18:41:09 -0400 Subject: [PATCH 06/12] Fix link --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index da126b5..3829560 100644 --- a/index.html +++ b/index.html @@ -144,7 +144,7 @@

Methods

Modifications to existing procedures

Append the following paragraph to the description of - RTCPeerConnection.addIceCandidate:

+ addIceCandidate:

If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global object returns "Blocked", all candidates MUST be prohibited.

From f4385e606668ecf5047d4afcdb5fb60dc6c3e28d Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Sun, 24 Oct 2021 12:06:51 -0400 Subject: [PATCH 07/12] Link to definition of "administratively prohibited" Per Jan's suggestion. --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 3829560..fbffa75 100644 --- a/index.html +++ b/index.html @@ -147,7 +147,7 @@

Modifications to existing procedures

addIceCandidate:

If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global - object returns "Blocked", all candidates MUST be prohibited.

+ object returns "Blocked", all candidates MUST be [[WEBRTC#dfn-administratively-prohibited]]

From 6511a9d8c3c82881ac0fbdb3650e301a96059d2a Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Sun, 24 Oct 2021 12:13:22 -0400 Subject: [PATCH 08/12] Fix citation markup This had not been rendering properly. No content change. --- index.html | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index fbffa75..a2d0033 100644 --- a/index.html +++ b/index.html @@ -146,8 +146,10 @@

Modifications to existing procedures

Append the following paragraph to the description of addIceCandidate:

-

If [[WEBAPPSEC-CSP#should-block-rtc-connection]] on the current global - object returns "Blocked", all candidates MUST be [[WEBRTC#dfn-administratively-prohibited]]

+

If + should-block-rtc-connection on the current global object returns + "Blocked", all candidates MUST be + administratively prohibited.

From 5696895b1d91494168b8bcfa2710e9ef4866a076 Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Thu, 6 Jan 2022 10:30:06 -0500 Subject: [PATCH 09/12] Refer to adminsistratively prohibited, not addIceCandidate ...since this may be moved to its own section in the future. --- index.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index a2d0033..0e35bcf 100644 --- a/index.html +++ b/index.html @@ -143,8 +143,9 @@

Methods

Modifications to existing procedures

-

Append the following paragraph to the description of - addIceCandidate:

+

Append the following paragraph to the + administratively prohibited + algorithm:

If should-block-rtc-connection on the current global object returns From c43451127a31f75325105ddd1c5dc0a5a13ed2ae Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Sat, 23 Apr 2022 01:04:56 -0400 Subject: [PATCH 10/12] Remove duplicate section getDefaultIceServers(). I'd added this back in when fixing merge conflicts, but it's been moved to a different section. This commit fixes it so only the CSP stuff is in this section. --- index.html | 43 +++---------------------------------------- 1 file changed, 3 insertions(+), 40 deletions(-) diff --git a/index.html b/index.html index db31b1c..9bc5c88 100644 --- a/index.html +++ b/index.html @@ -100,47 +100,10 @@

{{RTCPeerConnection}} extensions

- The {{RTCPeerConnection}} - interface is defined in [[WEBRTC]]. This document extends that interface - by adding an additional static method, and using Content-Security-Policy - for ICE candidate filtering. + The {{RTCPeerConnection}} interface is defined in [[WEBRTC]]. This document + extends that interface by using Content-Security-Policy for ICE candidate + filtering.

-
partial interface RTCPeerConnection {
-  static sequence<RTCIceServer> getDefaultIceServers();
-};
-
-

Methods

-
-
getDefaultIceServers
-
-

Returns a list of ICE servers that are configured into the - browser. A browser might be configured to use local or private - STUN or TURN servers. This method allows an application to learn - about these servers and optionally use them.

-

This list is likely to be persistent and - is the same across origins. It thus increases the - fingerprinting surface of the browser. In privacy-sensitive - contexts, browsers can consider mitigations such as only - providing this data to whitelisted origins (or not providing it - at all.)

-

Since the use of this information is left to - the discretion of application developers, configuring a user - agent with these defaults does not per se increase a user's - ability to limit the exposure of their IP addresses.

-

If set, the configured default ICE servers exposed by - {{RTCPeerConnection/getDefaultIceServers}} on - {{RTCPeerConnection}} instances provides persistent - information across time and origins which increases the fingerprinting - surface of a given browser.

-
-

{{RTCPeerConnection/getDefaultIceServers()}} was moved from [[WEBRTC]] to - this extension spec due to lack of support from implementers and - concerns discussed in webrtc-pc#2023.

-
-
-
-

Modifications to existing procedures

From 170f6c17dc80c0a6a1baa5d92fcfa9f6238c9281 Mon Sep 17 00:00:00 2001 From: Ian Denhardt Date: Tue, 14 Jun 2022 18:27:32 -0400 Subject: [PATCH 11/12] Update index.html Co-authored-by: Jan-Ivar Bruaroey --- index.html | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 9bc5c88..39fb9cb 100644 --- a/index.html +++ b/index.html @@ -111,9 +111,11 @@

Modifications to existing procedures

administratively prohibited algorithm:

-

If - should-block-rtc-connection on the current global object returns - "Blocked", all candidates MUST be +

If + should RTC connections be blocked for global? with the + [=relevant global object=] of the {{RTCPeerConnection}} object in question + returns `"Blocked"`, then all candidates MUST be administratively prohibited.

From acab467a88d26dd134d528c8cf9de363940ff67d Mon Sep 17 00:00:00 2001 From: Jan-Ivar Bruaroey Date: Wed, 15 Jun 2022 13:34:55 -0400 Subject: [PATCH 12/12] =?UTF-8?q?Fix=20Duplicate=20=E2=80=9Crtcpeerconnect?= =?UTF-8?q?ion-interface=E2=80=9D=20ID=20to=20unblock=20merge?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 39fb9cb..9e51467 100644 --- a/index.html +++ b/index.html @@ -701,7 +701,7 @@

Removed features

This section documents features that were moved from [[WEBRTC]] to this extension specification due to lack of support from implementers.

-
+

{{RTCPeerConnection}} extensions