When we imagined the plugins SDK, security was a requirement from the beginning.
We ensure plugins and users security at multiple levels :
This means that plugins inherit from iframe security and more specifically their
Plugins are scoped to a Room and cannot access information outside of the Room context.
They cannot interact with other plugins or other events.
The entire plugins publication is restricted by an API key that is specific to your organization and following the JWT security standard. That, on top of SSL protocol ensures the integrity of the plugins you publish.
As stated above, your code is executed inside a sandbox. That means that it is not shared with Livestorm core and therefore its scope and variables are not altered.
Furthemore, the origin of the iframe is null, meaning that you cannot directly call Livestorm HTTP endpoints. This prevents developers from accessing data we do not intend to share with plugins.
Plugins being executed by a browser, keep in mind that the code of a plugin can obviously be retrieved and read by the client, via the console of your browser (just like any website you visit).
Just like an app would on a phone, plugins have the ability to access some information such as (user list, messages, event name, and potentially streams if a camera effect is activated).
Of course, all the data accessible by a plugin is data users consented to share with Livestorm.
Plugins installed from the marketplace are verified by Livestorm and we are responsible for their actions in the room.
However, when installing an open source plugin, you become responsible for its code and actions inside the room. For instance, you should always make sure that plugins do not share unwanted data to third parties by making outside network calls.
For instance, Streams API may be doing some GPU intensive tasks to detect things inside streams, or add filters : this is something that should be heavily monitored and tested on multiple browsers.
When developing a plugin, you are given access to APIs that allow you to completely customize some parts of the Room (streams, modals, chat, etc).
Even though we willingly allow developers to customize Livestorm, it remains mandatory that plugins respect Livestorm UI and guidelines.
These guidelines will be verified whenever you want to publish your plugin to the marketplace.
Updated 4 months ago