Firefox support

[cBournhonesque]

Hi, I was wondering if there were any caveats/special handling that is needed for Firefox support.

I've had an issue where WebTransport connections get rejected on Firefox.
It doesn't seem to be certificate-related, since the exact same code/certificate works on google chrome.

@MOZGIII suggested that it might be on the server side.
I quote:

This is actually most likely the issue with the server-side
Firefox requires some special response from the server, I don't recall exactly - but please report this to wtransport

Maybe you have more information?

[MOZGIII]

Context on why I think so:

wtransport/wtransport/src/endpoint.rs

Lines 668 to 670 in 4b25852

	if !user_agent.contains("firefox") {
	response.add("sec-webtransport-http3-draft", "draft02");
	}

Maybe latest FF needs something else...

[BiagioFesta]

I was able to connect with firefox 123.0.2 (linux) to wtransport/full.rs.

Of course, as already mentioned in the parent issue, Firefox does not support serverCertificateHashes yet. That means you will need a trusted certificate to make it work.

---

I understand OP says Google Chrome works with the same certificate, did they set the correct anchors on FF?

Would it be possible to have wtransport server logs?
For example, I'd expect something like

INFO Connection{id=0}: full::webtransport: Result: Err(connection aborted by peer: the cryptographic handshake failed: error 42)

[MOZGIII]

Yes, on the second thought, this is most likely due to the lack of the trust to server certificate by FF. It works when set up properly without the serverCertificateHashes.

[MOZGIII]

Actually, Firefox should support serverCertificateHashes - as they have had patches for it in 125a. For me it still doesn't work though...

See the meta bug at their tracker: https://bugzilla.mozilla.org/show_bug.cgi?id=1709355

Here's the (second) fix for the serverCertificateHashes: https://bugzilla.mozilla.org/show_bug.cgi?id=1873263

Apparently the still didn't get it right