Closed eezstreet closed 6 years ago
shikhir-arora
commented
6 years ago Hm, my two cents: I don't think exposing such an endpoint without HTTPS/TLS is ever a good idea. In fact webhooks are a model use case where you would want to always use HTTPS. I can see users being confused if an option existed among other things.
You can always use IPC/RPC to communicate and for your use case you can probably apply for the additional scopes if needed.
msciotti
commented
6 years ago Hi eezstreet. Unfortunately, I don't think exposing these methods without TLS is not something we're going to want to do. Night or Jake are welcome to correct me, but I'm confident they would agree. Your best bet would be to route to an intermediate server that can make HTTPS requests to our API. I apologize that it's not a more elegant solution, but it is the correct way.
jhgg
commented
6 years ago Correct. We will never expose any API over a non secure channel.
Hi,
I am the developer of a mod called SWAT: Elite Force. One of the ideas I had in mind was to develop a webhook that could be used to either relay ingame chat, report problem players, or to report when the server has reached a certain number of players.
However, it seems that the webhooks can only function in HTTPS. This is a problem for me, because the game's programming language (Unrealscript) does not offer TLS or SSL to pipe in POST and GET requests - instead I am forced to use basic HTTP only. Short of writing my own implementation of SSL (which will take an immense amount of time) or using a go-between server to relay HTTP requests to HTTPS (which is not future-proof, is potentially insecure, and is generally ugly), I have no option to make my webhook work. What I would ask is that you implement the option to have us use HTTP instead of HTTPS for webhooks. This would be an opt-in feature that the person using the webhook would be able to use. Probably a checkbox that has "Allow HTTP Requests".
Thank you for your time.