I know that WebRTC is encrypted and peer to peer, but I can’t find how the encryption and connection is setup by the custom component card? Is there somewhere the webrtc camera custom lovelace card’s security is documented? I was worried that it just takes the id I put in it, gets the stream url from go2rtc, and puts that in essentially an iframe. When I load http://rtcproxy01.makerland.xyz:1984/stream.html?src=camera in an incognito window, it loads without authentication. When I firewall inbound connections from my user vlan to the go2rtc server, it falls back to mse, even though the go2rtc server should be able to establish a connection back to the user vlan.
because you’re connecting on an open port, not home assistant. you wouldn’t want that exposed at all, you’d just use something like the webrtc card in HA to view the streams (webrtc card will use the go2rtc addon as the basis for accessing streams)