Your returned webrtc peerConnection Config is out of spec

user6665 · March 17, 2025, 4:45pm

For Workers & Pages, what is the name of the domain?

NOT APPLICABLE

What is the issue or error you’re encountering

SEE BELOW. SEE BELOW. SEE BELOW. SEE BELOW. SEE BELOW. SEE BELOW. SEE BELOW.

What steps have you taken to resolve the issue?

Your webrtc peer connection config is out of spec.

when I call:

curl -X POST \ -H “Authorization: Bearer REMOVED” \ -H “Content-Type: application/json” -d ‘{“ttl”: 86400}’ \ https://rtc.live.cloudflare.com/v1/turn/keys/REMOVED/credentials/generate

you return:

{“iceServers”:{“urls”:[“stun:stun.cloudflare.com:3478”,”stun:stun.cloudflare.com:53”,”turn:turn.cloudflare.com:3478?transport=udp”,”turn:turn.cloudflare.com:53?transport=udp”,”turn:turn.cloudflare.com:3478?transport=tcp”,”turn:turn.cloudflare.com:80?transport=tcp”,”turns:turn.cloudflare.com:5349?transport=tcp”,”turns:turn.cloudflare.com:443?transport=tcp”],”username”:”REMOVED”,”credential”:”REMOVED”}}

when the webrtc spec requires the iceServers value must be an array.
see: RTCPeerConnection: RTCPeerConnection() constructor - Web APIs | MDN

For now I am having to work around this by transforming your invalid structure into a valid one.
I believe your intention is to be able to pass your response directly to the webrtc client, because your docs say such.
But it will crash if you do so right now.

This cannot be working for anyone currently.
Please wrap your returned iceServers value in an array.

What are the steps to reproduce the issue?

Your webrtc peer connection config is out of spec.

when I call:

curl -X POST \ -H “Authorization: Bearer REMOVED” \ -H “Content-Type: application/json” -d ‘{“ttl”: 86400}’ \ https://rtc.live.cloudflare.com/v1/turn/keys/REMOVED/credentials/generate

you return:

{“iceServers”:{“urls”:[“stun:stun.cloudflare.com:3478”,”stun:stun.cloudflare.com:53”,”turn:turn.cloudflare.com:3478?transport=udp”,”turn:turn.cloudflare.com:53?transport=udp”,”turn:turn.cloudflare.com:3478?transport=tcp”,”turn:turn.cloudflare.com:80?transport=tcp”,”turns:turn.cloudflare.com:5349?transport=tcp”,”turns:turn.cloudflare.com:443?transport=tcp”],”username”:”REMOVED”,”credential”:”REMOVED”}}

when the webrtc spec requires the iceServers value must be an array.
see: RTCPeerConnection: RTCPeerConnection() constructor - Web APIs | MDN

For now I am having to work around this by transforming your invalid structure into a valid one.
I believe your intention is to be able to pass your response directly to the webrtc client, because your docs say such.
But it will crash if you do so right now.

This cannot be working for anyone currently.
Please wrap your returned iceServers value in an array.

user6665 · March 17, 2025, 5:03pm

I’m doing a downstream conditional work around that will continue to work after you guys fix this.

for reference:

fetchPcConfig reaches to my backend and relays your return value to the client.

const fetchedPcConfig = await fetchPcConfig()

const patchedPcConfig = {
…fetchedPcConfig,
iceServers:
typeof fetchedPcConfig.iceServers === ‘object’
? [fetchedPcConfig.iceServers]
: fetchedPcConfig.iceServers
}

const peerConnection = new window.RTCPeerConnection(patchedPcConfig)

nils6 · March 19, 2025, 5:10am

Yes that is a known limitation of the current credentials endpoint. We are working on a new endpoint without this limitation.

Topic		Replies	Views
LiveStream connection via whip webrtc python apis Stream	0	51	August 26, 2024
Connection reset by peer DNS & Network	3	1553	December 19, 2023
HTTP2_SESSION_RECV_RST_STREAM Website, Application, Performance	6	1547	September 12, 2023
Websocket: bad handshake Cloudflare Tunnel	2	890	August 30, 2023
Cloudlfare Tunnel for WebRTC Cloudflare Tunnel	0	1277	April 20, 2023

Your returned webrtc peerConnection Config is out of spec

For Workers & Pages, what is the name of the domain?

What is the issue or error you’re encountering

What steps have you taken to resolve the issue?

What are the steps to reproduce the issue?

Related topics