Contrib.social

Unrecognized Content-Security-Policy directive 'webrtc' in browser console

Open on Drupal.org →
Created on 2 September 2024, 2 months ago
Updated 3 September 2024, 2 months ago

Hello,

in the latest version of the module (2.0.2) I get the following in the dev console:

"Unrecognized Content-Security-Policy directive 'webrtc'."

Per default it's blocked which should be ok, but it seems, the rule might be broken?

Thanks for clearification if it's a bug.

Bye Defcon0

🐛 Bug report
Status

Closed: works as designed

Version

2.0

Component

Code

Created by

Defcon0

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @Defcon0
  • Status changed to Closed: works as designed 2 months ago
  • Comment 2 months ago
    🇨🇦Canada gapple

    The webrtc directive is defined in the CSP spec, but is not yet implemented by all browsers. The message is only displayed in the browser console, and it does not send a violation report if you have configured a reporting option.
    https://www.w3.org/TR/CSP3/#directive-webrtc

    The module config form defaults to 'block' when enabled, but if the directive is not yet supported by a browser (or not present in the policy), then webrtc connections are allowed by the browser by default (webrtc 'allow' is explicit, but functionally the same as omitting the directive). Nothing you can do about that, but if you're not using webrtc and want browsers to block it when they add support, you can enable the directive with 'block' now.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024