WebTransport安全与来源治理（队列/流/端点白名单）最佳实践

背景与价值WebTransport提供基于QUIC的低延时通道。需对端点来源进行白名单治理并管理双向流与队列，保障安全与稳定。统一规范端点白名单：仅允许受控域与路径前缀。会话治理：建立后校验 `ready` 与错误处理，异常断开。消息队列：推送前限速与队列化，避免资源耗尽。核心实现端点校验与会话管理const allowOrigins = new Set(['https://transport.example.com']) function originAllowed(url: string): boolean { try { const u = new URL(url); return allowOrigins.has(u.origin) && u.pathname.startsWith('/session') } catch { return false } } async function openTransport(url: string): Promise<any | null> { if (!originAllowed(url)) return null try { // @ts-ignore const t = new (window as any).WebTransport(url) await t.ready return t } catch { return null } } 队列与流治理class Rate { tokens = 0; cap = 50; last = Date.now(); refill(rps = 10) { const now = Date.now(); const add = ((now - this.last) / 1000) * rps; this.tokens = Math.min(this.cap, this.tokens + add); this.last = now } take(n = 1): boolean { this.refill(); if (this.tokens >= n) { this.tokens -= n; return true } return false } } class Queue { q: Uint8Array[] = []; push(d: Uint8Array) { this.q.push(d) } pop(): Uint8Array | undefined { return this.q.shift() } len(): number { return this.q.length } } async function sendDatagrams(t: any, q: Queue, rate: Rate) { if (!t?.datagrams?.writable) return try { const w = t.datagrams.writable.getWriter() while (q.len() > 0) { if (!rate.take()) { await new Promise(r => setTimeout(r, 50)); continue } const d = q.pop()! await w.write(d) } w.releaseLock() } catch {} } 落地建议仅对白名单端点开启WebTransport会话，建立后按队列与速率治理消息。统一错误处理与断开策略，避免资源泄露与异常外联。验证清单端点是否命中白名单；会话是否就绪与错误处理完善；消息是否按队列与速率发送。