-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please add a way to request URL whitelisting by addon code. #34
Comments
I'm not sure about other addons dynamically adding urls to the default whitelist. I would like the default url whitelist to stay controlled by the server owner/admins as much as possible. It would be better if it required approval by someone with a specific permission. This is a different issue but I noticed alot of your pls files have urls for streams in them, currently streams do not work with this addon installed. This is due to the content of the requests being checked by making a GET request to the url and if the HTTP request never finishes the content cant be checked with the gmod HTTP library as far as I know. |
Yes, that popup for admin approval thing sounds fine to me. The addon requests the approval. Requested URLs are put into a pool reserved for said addon. Admin decides when ever to accept/decline/block changes in the pool. Maybe add a parameter for a description text too, so the addon could tell the admin what the approval request is about. Something like this:
Rules would be:
The issue with the get request never finishing is awkward. So streams played with sound.PlayURL() will never work. Is it possible to give it a timeout or a size limit using Range? Maybe you could use HEAD method to check if it was a stream or a read able file type? These options should work with HTTP() according to the wiki. |
I did try the range header with a stream and it did not work, I think that depends on the server actually implementing that functionality. A HEAD request wouldnt get the body of a response so I don't know if it would be a reliable way to determine if a file is a playlist file. |
The HEAD request could give you the content type and the content length. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#message_body_information) For streams the type would be something like You would use it as a pre-flight thing, that would be started before the actual GET request. Check This is what I would do:
This way it should be safe from any relevant HTTP manipulation, but make it usable for streaming and non-streaming content. |
With the latest GMod update, the supposed issues with HTTP methods were resolved. |
The Problem
Some addons might rely on external HTTP request to work properly. So does my addon 3D Stream Radio: https://github.com/Grocel/3D-Stream-Radio
In the case of the radio addon, it ships with default playlist files (lists of URLs), that can be (and are) curated by server admins. These are basically trusted by server URLs. These files are stored on the server side, but are used/seen by clients whenever it has been viewed/picked on a radio entity.
At the moment the radio can not play server curated URLs, as these are not whitelisted by default. It is useful to not allow arbitrarily random URLs, especially those from other clients. But it causes bad UX on addons such as the radio with no way to account for this properly yet. The user just would see the default playlist as "being broken" for no apparent reason.
My request
I would like to request a callable function to request a particular URL to be whitelisted on the client (the server too?) via addon code unless it has been specifically blacklisted.
The addon, which is already being trusted by being installed, would be able add their necessary HTTP calls to the whitelist.
In case of 3D Stream Radio, the addon would whitelist all the URLs in the playlist items the server has under its belt.
One way would be an addon-shipped config file, but I also would need a dynamic way for whitelisting on the fly, as the admins could change playlist contents, etc.
I would like the whitelisting request to not issue any user facing prompts unless specifically asked for by addon code, e.g. by a parameter being true etc.(A better suggestion on this was posted below)Bonus request
A server side function for whitelist requesting, so addons wouldn't need to network them to all clients by them-selves. There is also joined-after management to account for etc.
Solution
I am not sure what solution would be the best to implement, so I would like to leave it up to your creativity. I am also open for alternative solutions you might find.
The text was updated successfully, but these errors were encountered: