The biggest blocker for (securely) running P2P apps in the browser seems to be mixed content restrictions. We're so close!
Specifically, web crypto isn't available on insecure sites, and unencrypted WebSockets (e.g. to a LAN server) aren't allowed on secure sites. The crypto API *could've* proven authenticity of your LAN server without requiring domains/cert chains.
Still, that might actually be a bug in Brave. And it has other downsides. Although crypto is enabled, other permissioned resources aren't, like audio/video. Which coincidentally was exactly what I needed it for.
I've really gone out of my way to avoid using a domain. I want to know how P2P browser apps can work in practice. But I'm not seeing a good method yet.
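The idea above, that the crypto API could prove a LAN server's authenticity without domains or cert chains, sketched as an added example (not code from the original post): the client pins a fingerprint of the server's public key, obtained out of band, and runs a signed challenge-response with WebCrypto. `makeServer`, `verifyLanServer` and the in-process "server" are hypothetical stand-ins for a real WebSocket exchange.

```javascript
// Added example; all names here are hypothetical. In a browser, crypto.subtle
// only exists in a secure context. The Node fallback is present only so the
// sketch also runs outside a browser.
async function getCrypto() {
  return globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;
}
const ALG = { name: 'ECDSA', namedCurve: 'P-256' };
const SIG = { name: 'ECDSA', hash: 'SHA-256' };
const hex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// Stand-in for the LAN server: holds a key pair and signs the challenge it is sent.
async function makeServer() {
  const { subtle } = await getCrypto();
  const keys = await subtle.generateKey(ALG, false, ['sign', 'verify']);
  const spki = await subtle.exportKey('spki', keys.publicKey);
  return {
    spki,
    pin: hex(await subtle.digest('SHA-256', spki)), // fingerprint shared out of band
    respond: async (challenge) => ({ spki, sig: await subtle.sign(SIG, keys.privateKey, challenge) }),
  };
}

// Client: send a fresh random challenge, then require (1) key matches pin, (2) signature verifies.
async function verifyLanServer(respond, pin) {
  const c = await getCrypto();
  const challenge = c.getRandomValues(new Uint8Array(32));
  const { spki, sig } = await respond(challenge);
  if (hex(await c.subtle.digest('SHA-256', spki)) !== pin) return false; // not the pinned key
  const pub = await c.subtle.importKey('spki', spki, ALG, false, ['verify']);
  return c.subtle.verify(SIG, pub, sig, challenge);
}

async function demo() {
  const real = await makeServer();
  const impostor = await makeServer();
  // Impostor that presents the real public key but can only sign with its own private key.
  const replay = async (ch) => ({ spki: real.spki, sig: (await impostor.respond(ch)).sig });
  return {
    genuine: await verifyLanServer(real.respond, real.pin),
    wrongKey: await verifyLanServer(impostor.respond, real.pin),
    replayedKey: await verifyLanServer(replay, real.pin),
  };
}

demo().then(console.log); // { genuine: true, wrongKey: false, replayedKey: false }
```

A passing check only authenticates the responder at that moment; traffic sent over an unencrypted WebSocket afterwards is still unprotected unless a key agreement is bound to the same signature.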