erosman
commented
2 years ago There are browser bugs relating to the issue of WebRTC bypassing browser proxy settings. We are waiting for them to be fixed.
Open agowa opened 2 years ago
erosman
commented
2 years ago There are browser bugs relating to the issue of WebRTC bypassing browser proxy settings. We are waiting for them to be fixed.
ericjung
commented
2 years ago @erosman are you planning to add a global option to disable WebRTC with this setting in v8.0?
erosman
commented
2 years ago That might go beyond the scope of FoxyProxy. It also require "privacy" permission.
On Chrome it is possible to limit WebRTC. On Firefox, the option is to disable WebRTC completely which may not be desired.
I have already filed a bug and I am waiting for a response. WebRTC bypasses Network settings & proxy.onRequest
ericjung
commented
2 years ago That might go beyond the scope of FoxyProxy.
I do not agree. FoxyProxy is a proxy extension with privacy-related tools built-in. FoxyProxy already can delete cache, cookies, indexedDB storage, DOM local storage, plugin data, service worker data.
It also require "privacy" permission.
That is ok. This is a privacy-related extension, after all.
On Chrome it is possible to limit WebRTC.
ok
On Firefox, the option is to disable WebRTC completely which may not be desired.
As long as user is informed, there is no problem. Most people do not want WebRTC on all the time anyway. It is not used often and there is no need to keep it turned on.
I have already filed a bug and I am waiting for a response. WebRTC bypasses Network settings & proxy.onRequest
Be aware that WebRTC over UDP can never be proxied. Proxy servers do not proxy UDP traffic, only TCP. As I understand WebRTC can work over UDP or TCP, but it "prefers" UDP (tries UDP first). So this bug could possibly be implemented, but only for WebRTC over TCP which seems to be a smaller set of uses than WebRTC over UDP.
agowa
commented
2 years ago Be aware that WebRTC over UDP can never be proxied. Proxy servers do not proxy UDP traffic, only TCP.
Not quite. As of August 2022 (last month), it's now possible. Quick uses UDP instead of TCP. Therefore the IETF spent time creating this recently CONNECT-UDP. Proxying UDP in HTTP (RFC 9298)
erosman
commented
2 years ago It also require "privacy" permission.That is ok. This is a privacy-related extension, after all.
OK... but from personal experience ...... Back in Oct 2021, I added an option to save/download extension settings which requires "downloads" permission to one of my addons that is recommended on Firefox. Although "downloads" permission is very safe and inconsequential permission, over half users refused to upgrade to the latest version complaining about the new "downloads" permission. There were even abuse report and poor review rating over it. Today, a third of the users are still using the previous version.
:pushpin: Be aware of new permission and user reaction.
erosman
commented
2 years ago I have added the code to limit WebRTC in FoxyProxy v8.0 (once released). I have also set "privacy" as optional permission (for now).
Optional Permission
ericjung
commented
2 years ago Be aware that WebRTC over UDP can never be proxied. Proxy servers do not proxy UDP traffic, only TCP.
Not quite. As of August 2022 (last month), it's now possible. Quick uses UDP instead of TCP. Therefore the IETF spent time creating this recently CONNECT-UDP. Proxying UDP in HTTP (RFC 9298)
Interesting. Are you aware of announcements from squid or other proxy server software announcing they will support it?
ericjung
commented
2 years ago I have added the code to limit WebRTC in FoxyProxy v8.0 (once released). I have also set "privacy" as optional permission (for now).
Optional Permission
- pro: no shock to user on upgrade
- pro: not used if not actioned
- con: every time actioned, there will be a popup asking for permission
- con: making a toggle on/off cumbersome as getting the current value requires the permission
This is great! I think toggling this on/off is going to be very rare. (Turn it off once and ignore). So Optional Permission is the perfect approach.
agowa
commented
2 years ago I created a feature request for Squid right now. So let's see what the devs say. https://bugs.squid-cache.org/show_bug.cgi?id=5233
WebRTC is not configured correctly in chromium. The option "Disable non-proxied UDP (force proxy)" (
chrome.privacy.IPHandlingPolicy.DISABLE_NON_PROXIED_UDP) is not set by this extension. I don't know how to proxy UDP, but this option at least resolves connection errors when webapps try to establish webrtc without using the correct proxy specified within foxyproxy.