To determine whether a connection should be automatically accepted, it would be useful to know the origin of the connection.
In case of the internal discovery method, we can make sure the created iframe has referrerpolicy set to something permissive.
The iframe can then pass on the referrer to the shared worker.
This allows other clients to determine whether they want to automatically accept connections or not.
The WebRtcDiscoveryMethod won't really be able to make use of this unfortunately.
Since anyone can open a connection to the WebSocket, they could easily spoof the origin header.
To determine whether a connection should be automatically accepted, it would be useful to know the origin of the connection. In case of the internal discovery method, we can make sure the created iframe has
referrerpolicy
set to something permissive. The iframe can then pass on the referrer to the shared worker. This allows other clients to determine whether they want to automatically accept connections or not.The WebRtcDiscoveryMethod won't really be able to make use of this unfortunately. Since anyone can open a connection to the WebSocket, they could easily spoof the origin header.