fix: Enable UDP Host Candidates for VoIP on macOS MAS Builds #3029
+38
−4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows installer download |
Linux installer download |
macOS installer download |
jeanfbrito
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses an issue where VoIP calls on macOS builds distributed via the Mac App Store were not generating UDP host ICE candidates. This limited the types of connections that could be established, potentially impacting call quality and reliance on TURN servers.
The problem was traced back to missing entitlements required for the application to perform the necessary network operations (specifically, listening for incoming UDP connections on the local network) within the macOS sandbox environment.
The core solution involves adding the
com.apple.security.network.serverentitlement to the entitlement files used for macOS builds:com.apple.security.network.servertobuild/entitlements.mas.plist, which is used for the final Mac App Store submission builds.com.apple.security.network.servertobuild/entitlements.mas.inherit.plist, which is used for local development/debugging builds that simulate the MAS environment. This file was also updated to include other necessary functional entitlements andcom.apple.security.get-task-allowfor debugging.build/entitlements.mac.plist, used for non-MAS hardened runtime builds, was reviewed and already contained the necessarycom.apple.security.network.serverentitlement.Additionally, the
electron-builder.jsonconfiguration was updated to explicitly point themacandmasbuild targets to use these respective entitlement files (build/entitlements.mac.plist,build/entitlements.mas.plist,build/entitlements.mas.inherit.plist), ensuring the correct permissions are applied during the build process.By including the appropriate network entitlements, the application should now have the necessary permissions on macOS MAS builds to generate UDP host candidates, improving the chances of establishing direct peer-to-peer connections for VoIP calls.
Further testing is required on a MAS-like build using the programmatic
RTCPeerConnection.getStats()API to confirm UDP host candidates are now being generated.