Closed Bug 1215591 Opened 6 years ago Closed 2 years ago
Give add-ons a way to create RTCPeer
Connection not tied to untrusted hidden Window
To use WebRTC, add-ons have to (ab)use: new hiddenWindow.RTCPeerConnection(); But as Bug 1207784 comment 30 points out, the hiddenWindow is unprivileged on all platforms except OSX, and that issue adds a workaround to make this use work (always skip PeerConnection permission on hiddenWindow). As suggested by bz in #content today, the right long-term fix for this is to give add-ons an API to create an RTCPeerConnection not tied to an untrusted window. Add-ons should just be able to write: new RTCPeerConnection(); From a brief skim, PeerConnection seems to have no inherent functional need of a window other than to create other objects like DOMException, PeerConnectionObserver, etc. 10:27:20 - bz: So we'd need a bit of binding surgery 10:27:31 - bz: to allow passing through an arbitrary "caller global" there 10:27:33 - bz: not just a window 10:27:43 - bz: And make sure the relevant ctors are exposed on it And then we could deprecate RTCPeerConnection on hiddenWindow.
backlog: --- → webrtc/webaudio+
Priority: -- → P2
Mass change P2->P3 to align with new Mozilla triage process.
Priority: P2 → P3
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.