this is the only feasible1 way to connect from a secure context (https:// page, browser extension, localhost) to a server that doesn't have a TLS certificate signed by a CA, and by extension a domain name.
-
you can abuse STUN/TURN for this but it doesn't work very well
