At the moment, WebRTC does not check if connections are okay by content policies <https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIContentPolicy> .
WebRTC data channels as a side channel around content policy has potential for abuse. For example, ad blockers use content policy to block ads, so advertisers may be able to load their ads on a page using data channels where the traditional methods would be blocked. Two possible solutions other than checking WebRTC connections against content policies exist: - Require a doorhanger prompt for all data channel connections. - Require ad blockers and other extension developers to create a wrapper around PeerConnection or RTCDataChannel. This is what uBlock Origin does on chrome <https://github.com/gorhill/uBO-WebSocket> for WebSockets. Are there opinions or thoughts on the pros/cons of including WebRTC connections in content policies? Paul Ellenbogen _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
