From a1dabf3c1a36e27ff63f0d24c25a70710fff62cf Mon Sep 17 00:00:00 2001
From: Raymond Hill <rhill@raymondhill.net>
Date: Fri, 28 Feb 2020 14:30:40 -0500
Subject: [PATCH] Use `disable_non_proxied_udp` for `webRTCIPHandlingPolicy`

The stricter mode `disable_non_proxied_udp` is preferable
to `default_public_interface_only` to prevent local IP
address leakage through WebRTC.

This mode is properly supported since Firefox 70, so the
less strict `default_public_interface_only` will now be
used only for Firefox 69 and older.
---
 platform/chromium/vapi-background.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/platform/chromium/vapi-background.js b/platform/chromium/vapi-background.js
index d25f7554a..461a8e797 100644
--- a/platform/chromium/vapi-background.js
+++ b/platform/chromium/vapi-background.js
@@ -181,12 +181,14 @@ vAPI.browserSettings = (( ) => {
                 // https://github.com/gorhill/uBlock/issues/3009
                 //   Firefox currently works differently, use
                 //   `default_public_interface_only` for now.
-                bpn.webRTCIPHandlingPolicy.set({
-                    value: vAPI.webextFlavor.soup.has('chromium')
-                        ? 'disable_non_proxied_udp'
-                        : 'default_public_interface_only',
-                    scope: 'regular',
-                });
+                // https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/privacy/network#Browser_compatibility
+                //   Firefox 70+ supports `disable_non_proxied_udp`
+                const value =
+                    vAPI.webextFlavor.soup.has('firefox') &&
+                    vAPI.webextFlavor.major < 70
+                        ? 'default_public_interface_only'
+                        : 'disable_non_proxied_udp';
+                bpn.webRTCIPHandlingPolicy.set({ value, scope: 'regular' });
             }
         },