URLs with the HTTP protocol are not being accepted #2788

Closed
decentraland-bot opened this issue Nov 13, 2024 · 6 comments · Fixed by #3281
Labels: 1-high (Very important but not critical or game breaking), bug (Something isn't working)
decentraland-bot commented Nov 13, 2024

Severity:

SEV-2 | Critical, impacting some users

Description:

URLs with the HTTP protocol are not being accepted. In both the web client and alternative clients, these URLs are ignored when in preview mode.

Operating system:

Windows 11

Error:

null

Steps to reproduce:

- clone this repo https://github.com/decentraland-scenes/cube-jumper-colyesus-sdk7
- initialize the server
- test in web explorer with npm run start and check that everything works
- test in the desktop app with npm run start -- --explorer-alpha and check that the game is not working because it is not allowing the server's local connection

Ticket number:

@Vitsky4079
Collaborator

image


pabloes commented Nov 13, 2024

Tested on Apple M1 Pro Sequoia 15.0.1

Ludmilafantaniella added the 1-high (Very important but not critical or game breaking) label and removed the need QA validation label on Nov 14, 2024
@Ludmilafantaniella

STR:

  1. Open two separate command line windows.

    In the first window:

    • Navigate to the /server folder.
    • Run npm i to install dependencies.
    • Run npm run start to start the server.
    • The server should start, and you should see a confirmation message. Leave this window running.

    In the second window:

    • Go to the root directory of the repository.
    • Run npm i to install dependencies (if not already installed).
    • Run npm run start -- --explorer-alpha to start the scene as usual.

✅ Expected Result:

2788.support.mp4

❌ Actual Result:

2788.support.desktop.mp4

@AlejandroAlvarezMelucciDCL
Collaborator

Hey @m3taphysics, before submitting a fix, is there any security concern I should be aware of that you can think of?

@pravusjif
Member

Last time I checked, the only way to make a Unity app accept "http" requests is to change the "Allow downloads over HTTP" setting to allow it.

But that also means we have to start checking EVERY request and if we are not in Local Scene Development, then manually reject any HTTP request, only allowing HTTPS.

Image

AlejandroAlvarezMelucciDCL moved this from In Progress to With QA / Awaiting Review in Explorer Alpha on Feb 10, 2025
@AlejandroAlvarezMelucciDCL
Collaborator

> Last time I checked, the only way to make a Unity app accept "http" requests is to change the "Allow downloads over HTTP" setting to allow it.
>
> But that also means we have to start checking EVERY request and if we are not in Local Scene Development, then manually reject any HTTP request, only allowing HTTPS.
>
> Image

Thanks @pravusjif for your input!
It seems that affects usual requests, but we're using JS API and wrappers, and I didn't find anything blocking those and my fix seems to work fine.
We definitely need more tests, maybe in some cases what you mentioned takes place, but so far in my tests it didn't 🤞
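
The per-request rule raised in this thread (reject plain HTTP unless the client is in Local Scene Development), sketched as an added example that is not part of the thread or the project's own code. `UrlPolicy`, `IsAllowed` and the `isLocalSceneDevelopment` flag are hypothetical names, and treating `ws://` like `http://` is an assumption.

```csharp
using System;

// Hypothetical names throughout: UrlPolicy, IsAllowed and isLocalSceneDevelopment
// are for illustration only, not identifiers from the explorer code base.
public static class UrlPolicy
{
    // Returns true when the request may proceed; reason explains a rejection.
    public static bool IsAllowed(string rawUrl, bool isLocalSceneDevelopment, out string reason)
    {
        reason = string.Empty;

        // Input that does not parse as an absolute URI is rejected outright.
        if (!Uri.TryCreate(rawUrl, UriKind.Absolute, out Uri uri))
        {
            reason = "not an absolute URL";
            return false;
        }

        // Uri.Scheme is returned lower-cased, so "HTTP://" is handled like "http://".
        switch (uri.Scheme)
        {
            case "https":
            case "wss":
                return true;

            case "http":
            case "ws": // Assumption: plaintext WebSocket is treated like plain HTTP.
                if (isLocalSceneDevelopment) return true;
                reason = $"{uri.Scheme}:// is only allowed in Local Scene Development";
                return false;

            default:
                reason = $"unsupported scheme '{uri.Scheme}'";
                return false;
        }
    }

    public static void Main()
    {
        // Constructed sample URLs, not taken from the issue.
        string[] samples = { "http://localhost:2567/", "HTTP://example.com/a", "https://example.com/a", "ws://127.0.0.1:2567", "file:///tmp/x" };
        foreach (bool devMode in new[] { true, false })
            foreach (string url in samples)
            {
                bool ok = IsAllowed(url, devMode, out string reason);
                Console.WriteLine($"dev={devMode} {url} -> {(ok ? "allow" : "reject: " + reason)}");
            }
    }
}
```

A gate like this only helps if every outbound path calls it, including the JS API wrappers mentioned in the last comment, which is the "checking EVERY request" cost noted in the thread.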

github-project-automation bot moved this from With QA / Awaiting Review to Done in Explorer Alpha on Feb 18, 2025