Bug 1895767 [wpt PR 46169] - Disable WebRTC RTCPeerConnection in fenc…

…ed frames., a=testonly Automatic update from web-platform-tests Disable WebRTC RTCPeerConnection in fenced frames. WebRTC is one form of network communication that should be disabled when window.fence.disableUntrustedNetwork is called in a fenced frame. However, 1. We don't have any identified use cases for WebRTC in fenced frames 2. The revocation process would be more involved than other forms of network access, which would provide little benefit per #1. 3. Entirely disabling WebRTC PeerConnection instead is beneficial for privacy and does not break existing fenced frame use cases. This CL disables RTCPeerConnection construction entirely in fenced frames, regardless of whether window.fence.disableUntrustedNetwork was called or not. The change is behind an existing flag so that it does not ship until other forms of network revocation do. Disabling RTCPeerConnection *can* be handled entirely by the renderer, but a compromised renderer could potentially circumvent this to construct a peer connection anyway. A follow-up CL will add a browser-side control to ensure that this does not occur. Change-Id: Iaa2caaddeee70852179332dd89c5dbbac3ffcfbf Bug: 41488151 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5527514 Reviewed-by: Guido Urdaneta <[email protected]> Commit-Queue: Andrew Verge <[email protected]> Reviewed-by: Liam Brady <[email protected]> Reviewed-by: Shivani Sharma <[email protected]> Cr-Commit-Position: refs/heads/main@{#1319162} -- wpt-commits: bf8449f4dd09ec5c37c774981d884e67695cbbdd wpt-pr: 46169
i3roly · Jun 28, 2024 · b44a841 · b44a841
1 parent fee4d90
commit b44a841
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/testing/web-platform/tests/fenced-frame/webrtc-peer-connection.https.html b/testing/web-platform/tests/fenced-frame/webrtc-peer-connection.https.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/utils.js"></script>
+<title>Test that RTCPeerConnection construction fails in a fenced frame.</title>
+
+<body>
+  <script>
+    promise_test(async (t) => {
+      let fencedframe = attachFencedFrameContext();
+      return fencedframe.execute(() => {
+        try {
+          // Copied from https://webrtc.org/getting-started/peer-connections.
+          // The contents of the configuration object doesn't matter here,
+          // because construction should fail before the information becomes
+          // relevant.
+          const configuration = {
+            'iceServers': [{'urls': 'stun:stun.example.com:19302'}]
+          };
+          const peerConnection = new RTCPeerConnection(configuration);
+          assert_unreached("RTCPeerConnection construction should fail in a " +
+                           "fenced frame");
+        } catch (err) {
+          assert_equals(err.name, "NotAllowedError");
+        }
+      });
+    }, "Test that RTCPeerConnection construction fails in a fenced frame.");
+
+  </script>
+</body>