Browser-Based Apps
Browsers are a restricted environment: communication is limited to WebSockets, Web Transport, and WebRTC; mixed content policies enforce HTTPS-only; and there is no access to the filesystem or system calls. The main obstacle for routing traffic through the Mixnet is the lack of access to browser TLS negotiation or the CA certificate store from JavaScript.
Two integration options are available, both delivered as packages bundled into your web application.
mixFetch
A drop-in replacement for the browser fetch API that makes HTTP(S) requests via Exit Gateways using the SOCKS Network Requester. It ships with an embedded CA certificate store to establish a TLS session between mixFetch and the remote host, creating a secure channel from the browser to the destination over the Mixnet.
Internally, mixFetch uses the WASM client.
mixFetch currently supports a maximum of 10 concurrent in-flight requests. mixFetchv2, which will function as a general-purpose userspace IP stack, is in development.
WASM Client
Constructs Sphinx packets and cover traffic in WASM, sent over a WebSocket to the Entry Gateway. Responses arrive the same way.
This operates in messaging mode only (text or binary payloads) and does not currently support IP packet routing via the Exit Gateway IPR or any stream-like API. For HTTP(S) requests, use mixFetch.
Standard browser CSP and mixed content restrictions (HTTPS only) apply to the WebSocket connection, including in embedded WebViews.
The client runs in a web worker to keep the UI thread free.