Glen

As noted in #35 this is partially implemented in Chrome but is currently blocked on increased security features to support it.

Although apps on many platforms can open sockets freely, we do not think being installed/running as a PWA is a sufficient security mitigation for web apps. As noted above, this...

As noted in #35 this is currently blocked on increased security features to support it. Those security features would hopefully address the issues raised by the TAG. Sorry for being...

You're correct. IWAs encompass the "increased security features" that are intended to allow Direct Sockets and other powerful APIs to become available to the (packaged, isolated) web.

@ericwilligers should we add this to the potential use-cases in the explainer?

The project is partially implemented and still intended to go ahead, but is on hold awaiting a more-secure context than is currently available. Work is happening on that front but...

Reopening just so other people can see this instead of starting new issues. We do still intend to get this shipped eventually, but I don't really expect it to happen...

I believe you can test it using the `--enable-blink-features=DirectSockets --enable-features=DirectSockets --restricted-api-origins=https://www.foo.com,https://www.bar.com` command-line arguments on non-managed devices. Update: [Also set cross-origin HTTP headers as mentioned by yume-chan](https://github.com/WICG/direct-sockets/issues/35#issuecomment-992120727)

restricted-api-origins was added in M99. Before M99 it shouldn't be needed

[See yume-chan's response above](https://github.com/WICG/direct-sockets/issues/35#issuecomment-992120727)