Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically enable the HttpService if running from BuiltInPlugins folder. #249

Closed
wants to merge 1 commit into from
Closed

Automatically enable the HttpService if running from BuiltInPlugins folder. #249

wants to merge 1 commit into from

Conversation

MaximumADHD
Copy link
Contributor

If the Rojo plugin is running locally in Roblox Studio's BuiltInPlugins folder, then it has access to enable the HttpService automatically. Roblox added methods for manipulating its value for the Game Settings plugin. This commit adds code to try and enable the HttpService if the module detects that its running from the BuiltInPlugin security context level.

@MaximumADHD
Enable HttpService if running from BuiltInPlugins.
10be499 
If the rojo plugin is running locally in Roblox Studio's BuiltInPlugins folder, then it has access to enable the HttpService automatically. Roblox added methods for manipulating its value for the Game Settings plugin. This commit adds code to try and enable the HttpService if the module detects that its running from the BuiltInPlugin security context level.
@LPGhatguy
Copy link
Contributor

We talked about this a bit on Discord and I mentioned this a little bit in this comment after we talked about it.

I don't think it's a good idea for Rojo to promote being put into built-in plugins.

The security responsibility of running inside built-in plugins is very high, and it puts a big target on Rojo. Built-in plugins have significant API access, which is one reason that it's likely that they'll be locked down in the future from Studio.

Rojo silently doing privileged things in the background like enabling HTTP is not good, since enabling HTTP is a security risk. This is a minor quality-of-life fix for a very high cost that impacts user's games. There's no way for Rojo to turn on HTTP without also turning it on for the developer's game, which is not good!

I would be open to a PR that makes this flow nicer without privilege escalation, like automatically selecting HttpService if Rojo tries to use it and it's disabled.

@LPGhatguy LPGhatguy closed this Sep 23, 2019
@MaximumADHD
Copy link
Contributor Author

Fair enough :)

I just wanted to propose this change in case it was of interest to anyone else. I was a bit annoyed having to manually enable the HttpService myself everytime I opened an empty place. I'll keep this patch on my own fork of the plugin for however long its available.

@LPGhatguy
Copy link
Contributor

If you want an empty place that has HTTP enabled, you can actually use Rojo to build it instead of using Roblox Studio!

With the default project given to you with rojo init, you can run:

rojo build -o Place.rbxlx
start Place.rbxlx

...and you'll get a Roblox Studio instance with a place that has all the fixins you expect from a new place, along with HTTP requests enabled!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MaximumADHD @LPGhatguy