Open igorfry opened 4 years ago
Won't this bring security issues? Let's say a hacker knows your web phone app supports auto-answer feature. He just sends a SIP invite with auto answer header to your app. Your app auto answers it and he starts spying you by listening to the voice from your side.
Not sure I understand how the hacker can send such invite to my app. Auto-answer feature is generic signalling feature and wildly used in Polycom, Cisco, etc. So there should be no security issues.
Added auto answer support at the app level. I will bring this into the SDK in my next release
Initiate sip:INVITE with auto-answer header to webRTC RC endpoint
Expected: webRTC Client accepts invite and shows in-progress call (like User clicked "Answer" button). Actual: pre-call control popup is displayed during 3 seconds and disappears.
auto-answer header Actually we send both recommended for Polycom and Cisco formats, but better to use Polycom one (Alert-Info)
Reproduced on the following Clients: RingCentral for Google Version 4.2.3, RC App (dThor)
List of APIs initiating sip:Ivite with auto-answer: Call Out https://developers.ringcentral.com/api-reference/Call-Control/createCallOutCallSession Supervise https://developers.ringcentral.com/api-reference/Call-Control/superviseCallSession Answer https://developers.ringcentral.com/api-reference/Call-Control/answerCallParty Pickup https://developers.ringcentral.com/api-reference/Call-Control/pickupCallParty
Call Out request example:
sip:INVITE examples for RC Phone app desktop: