Selectively allow websockets
Firefox supports Websockets, which allows servers to push arbitrary data to the client, instead of having to rely on polling methods via HTTP and JS. Whilst solving one problem, it creates another. I do not like the idea that any website can just ask Firefox to make a persistent WS connection without my consent. The same is true for service workers, but (unlike websockets) i'm not at all interested in using those. Luckily there's a configuration option to disable support for websockets, network.websocket.enabled, wich is exactly what i've done.
Is there a way to selectively allow websockets, based on IP or domain? If not, why isn't there one? Am i really the lone outsider who's concerned about security?
Opaite Mbohovái (4)
There are permission settings for notifications in "Settings -> Privacy & Security -> Permissions". See also the permissions in "Tools -> Page Info -> Permissions".
Thanks cor-el, that's certainly the place where one would expect such a setting to reside, but the ones that i'm looking for aren't there. There's nothing specific for websockets (nor service workers). The closest option is allowing or disallowing in-browser notifications, which were already set to disallow.
Seeing that websockets were first supported in Firefox 11 (89 releases ago), it boggles my mind why this question hasn't been asked before and is only now starting to be noticable on websites.
here's something I found:
Are WebSockets obsolete? Websockets are largely obsolete because nowadays, if you create a HTTP/2 fetch request, any existing keepalive connection to that server is used, so the overhead that pre-HTTP/2 XHR connections needed is lost and with it the advantage of Websockets.
Service Workers do not work with websites if you let the cookies expire when you close Firefox (Delete cookies and site data when Firefox is closed) unless you have created a cookie allow exception for this origin. You should see a message about this in the Web Console.