You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We would like global support for an exfiltration proof sandbox for running custom apps in Peergos in the browser, including on localhost. Our design uses iframes on random subdomains which are sand-boxed using CSP and COOP, COEP. This works in Firefox and Chrome based browsers (modulo webrtc based exfiltration), but not at all in Safari. We describe the architecture, motivation and use case more in this talk.
There are three high level issues blocking this at the moment. The first is stopping exfiltration via webrtc. This is discussed in the web spec here.
The browser issues for implementing the CSP webrtc switch are Chrome, Firefox and Safari.
We would like global support for an exfiltration proof sandbox for running custom apps in Peergos in the browser, including on localhost. Our design uses iframes on random subdomains which are sand-boxed using CSP and COOP, COEP. This works in Firefox and Chrome based browsers (modulo webrtc based exfiltration), but not at all in Safari. We describe the architecture, motivation and use case more in this talk.
There are three high level issues blocking this at the moment. The first is stopping exfiltration via webrtc. This is discussed in the web spec here.
The browser issues for implementing the CSP webrtc switch are Chrome, Firefox and Safari.
The 2nd issue is safari not enabling service workers and writable streams in a sand-boxed iframe. We have written a demo for this on both localhost and a public domain here: https://github.com/Peergos/iframe-sw-streams (The public example is at https://safaribug.peergos.com/The 3rd issue is safari not supporting localhost subdomains.
The text was updated successfully, but these errors were encountered: