rbxts-flamework / core

Flamework is an extensible game framework. It requires typescript and offers many useful features.
MIT License
112 stars 8 forks source link

Disable networking client guards by default in production #87

Closed safazi closed 12 months ago

safazi commented 1 year ago

I think client receiving guards should be disabled outside of studio. The client should trust what the server sends it.

https://github.com/rbxts-flamework/networking/blob/d3475b3f168d9769d06e44a987c0df514c623499/src/events/createNetworkingEvent.ts#L12C59-L12C59

Fireboltofdeath commented 12 months ago

After thinking about it, this is likely better for end users to choose. You can simply do disableClientGuards: !RunService.IsStudio() in your networking config (although, in Flamework 1.0 this will become disableIncomingGuards)

Whilst I agree that the client should trust the server, there are replication behaviors that can cause data to not replicate properly or edge cases that might be encountered (e.g old datastore data, which has come up multiple times). Changing what events get accepted/rejected implicitly could potentially lead to confusion or disguise problems at runtime.