Closed std-microblock closed 2 years ago
TL;DR: I deliberatly didnt do this becuase external access may be needed. The reason I never set the server address to localhost/127.0.0.1 is for users who may need to access the data outside of the local machine (like myself). While using a secure connection would be nice, the data sent holds no importance so it isn't so bad if the packets are sniffed, and in reality, who will be sniffing these packets on a network, its unlikley you are playing on a public unsecure network. Now what I could do is store a mode inside a config file or add a toggle onto the ingame UI to allow or disallow external connections but for the average user, they wouldnt care about this and I also can't quite be bothered to figure out how to add things to the beatsaber UI (iirc theres a library for that but still).
Also to add a note, the actual client programs can still connect to this socket securley on the local machine, that is exactly what my overlay is meant to do too. Edit: I also belive that while chromium based browsers can connect securley to localhost over a websocket. It changes nothing fundamentally (aside from the data being local only) because the packets sent are still unencrypted.
so what i meant is to change the address in readme, not to change the one in Server.cs
Well your edit would be wrong anyway, the readme is staing that the data is sent out on that address, you changed it to make it appear like it is sent out on localhost, which it isnt.
the reason I want to use it in a secure context is many web apis are only available in secure context. I'm not interested in make it safer, the beatsaber data doesn't need to be that safe :)
Well your edit would be wrong anyway, the readme is staing that the data is sent out on that address, you changed it to make it appear like it is sent out on localhost, which it isnt.
hmm, so can you mention this in the readme to stop others from wasting time? discovering this spent me almost an hour xD
btw the plugin is kinda broken in 1.24
Ive not played in months xp. If i get my vr bits setup again soon then ill see if I rembeber to take a look at it again
you can use fpfc
actually
anyway, probably I'll make a pr when i have free time
you can use
fpfc
actuallyanyway, probably I'll make a pr when i have free time
Yeah I'm aware, its just when I dont play it I loose the intrest/motivation to go back to keeping this up to date. About the pr, if and when you make it ill check it out and well see from there
It seems like chrome (including edge and other chrome-based browsers) allows access to
ws://localhost
andws://127.0.0.1
in a secure context, so it's better to write these two rather thanws://0.0.0.0
.(verified by me and @WGzeyu)